What is the CVSS score of CVE-2025-67041?

CVE-2025-67041 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Lantronix EDS3000PS are affected by CVE-2025-67041?

A critical vulnerability in Lantronix EDS3000PS devices allows unauthenticated remote attackers to execute arbitrary code through the TFTP client parameter, potentially compromising network…

How to fix or mitigate CVE-2025-67041?

Within 24 hours: Identify and inventory all Lantronix EDS3000PS 3.1.0.0R2 devices in your environment and isolate them from critical network segments if possible. Within 7 days: Implement network-level mitigations including access controls restricting TFTP traffic and disabling the Filesystem Browser feature if operationally feasible; contact Lantronix for patch availability and timeline. Within 30 days: Develop a remediation plan including device replacement or upgrade to patched firmware versions when available, and conduct security assessments of affected systems for compromise indicators.

Lantronix EDS3000PS CVE-2025-67041

CRITICAL

OS Command Injection (CWE-78)

2026-03-11 cve@mitre.org

Command Injection

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 11, 2026 - 17:16 nvd

CRITICAL 9.8

DescriptionCVE.org

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Articles & Coverage 1

vulnerability.circl.lu Lantronix EDS3000PS/EDS5000 Multiple Critical Vulnerabilities (CVE-2025-67034 to CVE-2025-70082) Mar 11, 2026

AnalysisAI

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Technical ContextAI

Multiple vulnerability types in Lantronix EDS management interface.

Affected ProductsAI

Lantronix EDS5000/EDS3000PS

RemediationAI

Apply firmware update. Restrict management access.

CVE-2025-67041 vulnerability details – vuln.today

Back

Lantronix EDS3000PS CVE-2025-67041

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Articles & Coverage 1

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code