CISA says CVE-2025-67038 is being actively exploited and affects Lantronix EDS5000 serial-to-IP device servers used to manage serial devices in OT environments. The flaw allows an unauthenticated attacker to inject OS commands as root, potentially enabling full device takeover, lateral movement, data theft, and disruption of connected systems. #CVE-2025-67038 #Lantronix #EDS5000 #CISA #BRIDGEBREAK
Key points
- CISA confirmed in-the-wild exploitation of CVE-2025-67038.
- The flaw affects Lantronix EDS5000 serial-to-IP device servers.
- An unauthenticated attacker can inject commands through a username parameter.
- Successful exploitation can execute commands with root privileges.
- The compromise may enable lateral movement, data exfiltration, and operational disruption.