PatchSiren cyber security CVE debrief

CVE-2025-67036 Unknown Vendor CVE debrief

CVE-2025-67036 is an authenticated OS command-injection flaw in the Log Info page of Lantronix EDS5000 devices; the supplied advisory also lists the EDS3000PS in its product scope. The page accepts a log file name from the user and passes it on without sanitization, so an attacker who can log in to the management interface can append shell commands that the device executes as root.

Vendor
Unknown Vendor (as stored; the affected products are Lantronix devices, per the advisory)
Product
Lantronix EDS3000PS 3.1.0.0R2; Lantronix EDS5000 2.1.0.0R3
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-10
Original CVE updated
2026-03-10
Advisory published
2026-03-10
Advisory updated
2026-03-10

Who should care

Operators, OT/ICS administrators, and security teams running Lantronix EDS3000PS or EDS5000 devices should prioritize this issue, especially where the web management interface is reachable from broad networks or where administrative credentials are shared among many users. Because exploitation requires an authenticated, high-privilege session, the practical risk concentrates on credential compromise and insider misuse rather than on unauthenticated remote attack.

Technical summary

According to the supplied CISA CSAF advisory, the Log Info page lets users view log files by specifying a file name. That parameter is not sanitized, so an authenticated attacker can embed shell syntax (separators such as ";" or "|", or command substitution) in the name and have the device execute arbitrary OS commands as root. The supplied vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: network reachable, low attack complexity, no user interaction, and full confidentiality, integrity and availability impact, but PR:H, meaning the attacker must already hold a highly privileged (administrative) account on the device. That prerequisite is what holds the score at 7.2 despite root-level impact; it offers no protection once an admin session or credential is compromised. The weakness class is CWE-78 (OS command injection).
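The pattern the advisory describes, shown as an added example rather than Lantronix's own code: a log viewer that splices the user-supplied name into a shell command, beside a hardened version of the same feature. The parameter name `filename`, the shell-built `cat` command and the log directory layout are assumptions standing in for the device's real implementation; the sample log files and the injected payload are constructed.

```python
"""Vulnerable vs hardened log viewer, illustrating the CWE-78 pattern the
advisory describes (added example, not Lantronix code).

Assumptions: the parameter name `filename`, the shell-built `cat` command
and the log directory layout are hypothetical stand-ins for the device's
real implementation.
"""
import re
import shutil
import subprocess
import tempfile
from pathlib import Path


def view_log_vulnerable(filename: str, log_dir: Path) -> str:
    """Splices the user-supplied name into a shell command: CWE-78.

    The shell parses ';', '|', '&&', backticks and $(...) inside `filename`,
    so "syslog; id" runs `id` with the web server's privileges (root on the
    affected devices). "../secret" also escapes the log directory because
    nothing checks the path.
    """
    cmd = f"cat {log_dir}/{filename}"
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


# Allowlist: must start with an alphanumeric (excludes '.' and '..'), then
# only alphanumerics, dot, underscore or dash. No '/', ';', spaces or quotes.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def view_log_hardened(filename: str, log_dir: Path) -> str:
    """Same feature without the injection.

    1. Reject anything outside the allowlist before it is used anywhere.
    2. Resolve the final path and confirm it sits directly inside log_dir,
       so symlinks or a future regex slip cannot become traversal.
    3. Never hand the name to a shell: read the file from Python. If an
       external tool were unavoidable, call it with an argv list and
       shell=False so metacharacters are never parsed.
    """
    if not _SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected log name: {filename!r}")
    root = log_dir.resolve()
    target = (root / filename).resolve()
    if target.parent != root or not target.is_file():
        raise ValueError(f"log name resolves outside {root}: {filename!r}")
    return target.read_text()


def demo() -> dict:
    """Exercise both handlers against a constructed log directory."""
    outer = Path(tempfile.mkdtemp(prefix="eds_"))
    log_dir = outer / "logs"
    log_dir.mkdir()
    (log_dir / "syslog").write_text("boot ok\n")   # constructed sample log
    (outer / "secret").write_text("not a log\n")   # file outside the log directory
    payload = "syslog; echo INJECTED"              # benign stand-in for an injected command
    traversal = "../secret"

    def guarded(name: str) -> str:
        try:
            return view_log_hardened(name, log_dir)
        except ValueError:
            return "REJECTED"

    results = {
        "vuln_normal": view_log_vulnerable("syslog", log_dir),
        "vuln_payload": view_log_vulnerable(payload, log_dir),
        "vuln_traversal": view_log_vulnerable(traversal, log_dir),
        "hard_normal": guarded("syslog"),
        "hard_payload": guarded(payload),
        "hard_traversal": guarded(traversal),
    }
    shutil.rmtree(outer)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:15} {value!r}")
```

Running `demo()` shows the vulnerable handler returning the log content followed by the output of the injected `echo`, and reading the file outside the log directory, while the hardened handler serves the legitimate name and rejects both hostile inputs before touching the filesystem.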

Defensive priority

High

Recommended defensive actions

  • Upgrade EDS5000 to version 2.2.0.0R1, the fixed release named in the supplied advisory. The evidence summarized here names no fixed version for EDS3000PS, so confirm its status directly against the advisory and vendor guidance rather than assuming it is covered.
  • Restrict access to the device web management interface to trusted administrative hosts and networks. The flaw is reachable only through an authenticated, high-privilege session, so exposure of the login surface and of administrative credentials determines the practical risk.
  • Review and reduce the set of accounts with administrative rights on these devices, rotate credentials that are shared among operators, and remove access for users who do not need the Log Info page or similar management features.
  • Monitor for signs of abuse: log-viewer requests whose file-name value contains shell metacharacters or path-traversal sequences, unexpected child processes of the web service, outbound connections initiated by the device, and configuration changes not tied to a change record.
  • Segment ICS/OT management traffic from general enterprise networks and apply least-privilege access controls.
  • Validate asset inventory to confirm whether EDS3000PS or EDS5000 devices are deployed, and compare their firmware against the listed affected versions (EDS3000PS 3.1.0.0R2, EDS5000 2.1.0.0R3) and the EDS5000 fixed version 2.2.0.0R1.
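One way to carry out the inventory check above, as an added example and not vendor tooling: flag each inventory row against the product scope and the single fixed version this page records. The inventory rows are constructed, and the code assumes firmware strings such as "2.1.0.0R3" order as four dotted integers followed by an "R" release number. Because the supplied evidence names a fixed version only for EDS5000, EDS3000PS rows can only be flagged for follow-up, not declared patched.

```python
"""Triage an asset inventory against the affected and fixed versions on this
page (added example, not vendor tooling; inventory rows are constructed).

Assumption: firmware strings such as "2.1.0.0R3" order as four dotted
integers followed by an R-release number.
"""
import re
from typing import List, Tuple

# Product scope as summarised on this page.
AFFECTED_VERSION = {"EDS5000": "2.1.0.0R3", "EDS3000PS": "3.1.0.0R2"}
FIXED_VERSION = {"EDS5000": "2.2.0.0R1"}   # only fix named in the stored evidence

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)R(\d+)")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.1.0.0R3' -> (2, 1, 0, 0, 3). Raises on anything else so a malformed
    inventory entry is never silently treated as patched."""
    m = _VERSION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(model: str, version: str) -> str:
    """Disposition for one device: where a fixed version exists, anything
    below it is an upgrade; where none is listed, only flag for follow-up."""
    model = model.strip().upper()
    if model not in AFFECTED_VERSION:
        return "out_of_scope"
    v = parse_version(version)
    if model in FIXED_VERSION:
        if v >= parse_version(FIXED_VERSION[model]):
            return "at_or_above_fixed"
        return "upgrade_to_" + FIXED_VERSION[model]
    # Listed as affected, but no fixed version in the supplied evidence.
    if v == parse_version(AFFECTED_VERSION[model]):
        return "affected_no_fix_listed"
    return "in_scope_verify_with_vendor"


def triage_inventory(rows: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """rows: (hostname, model, firmware). Unparsable versions are flagged for
    manual review rather than dropped, so nothing falls out of the report."""
    out = []
    for host, model, fw in rows:
        try:
            out.append((host, triage(model, fw)))
        except ValueError as exc:
            out.append((host, f"needs_manual_review: {exc}"))
    return out


# Constructed sample inventory; hostnames and the "unknown" entry are made up.
SAMPLE_INVENTORY = [
    ("eds5k-plant-01", "EDS5000", "2.1.0.0R3"),
    ("eds5k-plant-02", "EDS5000", "2.2.0.0R1"),
    ("eds3k-sub-07", "EDS3000PS", "3.1.0.0R2"),
    ("eds3k-sub-08", "EDS3000PS", "3.2.0.0R1"),
    ("eds5k-lab-01", "EDS5000", "unknown"),
    ("printer-01", "XYZ", "1.0"),
]

if __name__ == "__main__":
    for host, disposition in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:16} {disposition}")
```

The split between "upgrade_to_" and "affected_no_fix_listed" is deliberate: a triage that maps every in-scope device to a single "patch it" action would hide the fact that, on the evidence this page holds, EDS3000PS has no patch target yet.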

Evidence notes

Primary evidence comes from the supplied CISA CSAF advisory ICSA-26-069-02, published 2026-03-10, which states that missing sanitization in the Log Info file-name parameter allows authenticated OS-command injection with root privileges. The advisory’s remediation section recommends upgrading EDS5000 to 2.2.0.0R1 for the listed CVEs, and the supplied enrichment marks this CVE as not added to CISA KEV.

Official resources

Initial public disclosure in the supplied CISA CSAF advisory occurred on 2026-03-10 (ICSA-26-069-02). The provided enrichment does not list this CVE in CISA KEV.