8.8
Lantronix EDS5000 allows attackers to run commands with root access
CVE-2025-67037
Summary
An attacker who has already logged in to a Lantronix EDS5000 running version 2.1.0.0R3 can run any system command with root privileges, potentially taking control of the system. This is a serious issue because it can allow an attacker to make changes to the system or steal sensitive data. To protect yourself, ensure that the system is updated to the latest version, or consider replacing the device if a fix is not available.
Original title
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed...
Original description
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
Vulnerability type
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026