CVE-2025-67035

CRITICAL
2026-03-11 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 11, 2026 - 17:16 nvd
CRITICAL 9.8

Tags

Ssh

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.

Analysis

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Technical Context

Multiple vulnerability types in Lantronix EDS management interface.

Affected Products

['Lantronix EDS5000/EDS3000PS']

Remediation

Apply firmware update. Restrict management access.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +49
POC: 0

Share

CVE-2025-67035 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy