How to fix CVE-2025-67037?

Within 24 hours: Inventory all Lantronix EDS5000 2.1.0.0R3 devices and restrict administrative access to trusted personnel only. Within 7 days: Implement network segmentation to isolate affected devices and disable tunnel kill functionality if operationally feasible; consider deploying WAF rules to block suspicious tunnel parameter inputs. Within 30 days: Contact Lantronix for patch availability status and develop an upgrade plan; if patches become available, prioritize patching within 48 hours of release.

Is Command Injection affected by CVE-2025-67037?

CVE-2025-67037 affects Lantronix EDS5000 devices and allows authenticated users to execute arbitrary operating system commands, potentially leading to complete device compromise and lateral network movement.

CVE-2025-67037

HIGH

2026-03-11 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 11, 2026 - 17:16 nvd

HIGH 8.8

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

Analysis

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. [CVSS 8.8 HIGH]

Technical Context

Classified as CWE-94 (Code Injection). An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

Affected Products

An issue was discovered in Lantronix EDS5000 2.1.0.0R3

Remediation

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +44

POC: 0

CVE-2025-67037 vulnerability details – vuln.today

Back

CVE-2025-67037

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-67037

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code