How to fix CVE-2025-67041?

Within 24 hours: Identify and inventory all Lantronix EDS3000PS 3.1.0.0R2 devices in your environment and isolate them from critical network segments if possible. Within 7 days: Implement network-level mitigations including access controls restricting TFTP traffic and disabling the Filesystem Browser feature if operationally feasible; contact Lantronix for patch availability and timeline. Within 30 days: Develop a remediation plan including device replacement or upgrade to patched firmware versions when available, and conduct security assessments of affected systems for compromise indicators.

Is Command Injection affected by CVE-2025-67041?

A critical vulnerability in Lantronix EDS3000PS devices allows unauthenticated remote attackers to execute arbitrary code through the TFTP client parameter, potentially compromising network infrastructure and sensitive data.

CVE-2025-67041

CRITICAL

2026-03-11 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

CVE Published

Mar 11, 2026 - 17:16 nvd

CRITICAL 9.8

Description

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Analysis

Critical vulnerability in Lantronix EDS serial device server (EDS5000/EDS3000PS). Multiple injection and auth bypass vulnerabilities in the management interface.

Technical Context

Multiple vulnerability types in Lantronix EDS management interface.

Affected Products

['Lantronix EDS5000/EDS3000PS']

Remediation

Apply firmware update. Restrict management access.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2025-67041 vulnerability details – vuln.today

Back

CVE-2025-67041

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-67041

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code