PatchSiren cyber security CVE debrief
CVE-2025-67039 Lantronix EDS3000PS CVE debrief
CVE-2025-67039 is a critical authentication-bypass issue affecting Lantronix EDS3000PS and referenced in the same CISA advisory as EDS5000. The supplied advisory text says an attacker can bypass management-page authentication by appending a specific URL suffix and sending an Authorization header that uses "admin" as the username. Because the issue is network-reachable, requires no privileges or user interaction, and is rated high for confidentiality, integrity and availability impact, it should be treated as an urgent exposure for OT/ICS environments.
- Vendor: Lantronix (the stored CVE metadata carries no vendor name)
- Product: Lantronix EDS3000PS 3.1.0.0R2; EDS5000 2.1.0.0R3 (named in the advisory title and metadata)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-10
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-10
Who should care
OT/ICS operators, plant engineers, and network defenders responsible for Lantronix EDS3000PS or EDS5000 deployments, especially where management interfaces are reachable from wider enterprise networks or any untrusted segment.
Technical summary
The CISA CSAF advisory states that authentication on management pages can be bypassed on Lantronix EDS3000PS 3.1.0.0R2 by combining a specific URL suffix with an Authorization header using the username "admin." The advisory rates the issue CVSS v3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): network-reachable, low attack complexity, no privileges or user interaction required, scope unchanged, and high impact on confidentiality, integrity and availability. Remediation guidance in the corpus directs users of EDS3000PS to upgrade to version 3.2.0.0R2. The source corpus names EDS5000 (version 2.1.0.0R3) in the advisory title and product metadata, but the detailed vulnerability text and the fix version are explicit only for EDS3000PS; no EDS5000-specific fix version appears in the stored evidence.
Defensive priority
Immediate
Recommended defensive actions
- Upgrade Lantronix EDS3000PS to firmware version 3.2.0.0R2 per the vendor guidance in the CISA advisory.
- Confirm whether your EDS5000 deployments are covered by a separate vendor fix path or additional advisory before scheduling remediation.
- Restrict device management interfaces to trusted admin networks only; do not expose them directly to the internet or broad enterprise segments.
- Review device, proxy and network logs for management-page requests with unusual trailing URL characters and for Basic Authorization headers that decode to the username "admin", particularly where such a request received a 200 response from a source outside the admin network.
- Validate configuration integrity on affected devices and look for unauthorized management changes after exposure.
- Apply CISA industrial control system recommended practices and defense-in-depth guidance for segmentation, monitoring, and access control.
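The log-review action above can be scripted. The following is an added example, not code from the advisory or from Lantronix: it parses a constructed access-log format (timestamp, client, request line, status, raw Authorization value), decodes Basic credentials to recover the username, and flags requests to management pages that carry "admin" credentials, an unexpected trailing suffix, or both with a 200 response. The management page names, the log format and the suffix "/." are assumptions for illustration; the real suffix from the advisory is not present in the corpus, so the check treats any trailing characters after a known page name as suspicious.

```python
import base64
import binascii
import re

# Assumed management page paths for this example; the real EDS3000PS page
# names are not given in the corpus. Replace with the paths your devices serve.
MANAGEMENT_PAGES = ("/config.htm", "/admin.htm", "/status.htm")

# Constructed log format: timestamp, client, "METHOD target HTTP/x", status,
# then the raw Authorization header value or "-" when the header was absent.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<auth>.*)$'
)

# Constructed sample lines. Clients, timestamps and credentials are invented;
# "/config.htm/." is a hypothetical suffix, not the one named in the advisory.
SAMPLE_LOG = """\
2026-03-10T09:01:12Z 10.0.0.5 "GET /login.htm HTTP/1.1" 200 -
2026-03-10T09:01:40Z 203.0.113.7 "GET /config.htm HTTP/1.1" 401 Basic YWRtaW46c2VjcmV0
2026-03-10T09:02:03Z 203.0.113.7 "GET /config.htm/. HTTP/1.1" 200 Basic YWRtaW46eA==
2026-03-10T09:02:30Z 10.0.0.9 "GET /status.htm HTTP/1.1" 200 Basic b3BlcmF0b3I6cHc=
2026-03-10T09:03:01Z 198.51.100.4 "POST /admin.htm;x HTTP/1.1" 200 -
"""


def basic_auth_user(auth_header):
    """Return the username carried in an HTTP Basic Authorization value, or None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(auth_header[len("Basic "):], validate=True)
    except (binascii.Error, ValueError):
        return None
    user, _sep, _password = raw.decode("utf-8", "replace").partition(":")
    return user


def suffix_after_management_page(target):
    """If the request target is a known management page with extra characters
    appended (path or query), return the trailing part; otherwise None.
    Legitimate query strings on these pages would need allowlisting here."""
    for page in MANAGEMENT_PAGES:
        if target != page and target.startswith(page):
            return target[len(page):]
    return None


def classify(line):
    """Return an alert dict describing why a log line is suspicious, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("path")
    user = basic_auth_user(m.group("auth"))
    suffix = suffix_after_management_page(target)
    on_mgmt_page = target in MANAGEMENT_PAGES or suffix is not None
    reasons = []
    if suffix is not None:
        reasons.append("unexpected_suffix")
    if user == "admin" and on_mgmt_page:
        reasons.append("admin_basic_auth")
    # The advisory's bypass combines both indicators; a 200 means it may have worked.
    if suffix is not None and user == "admin" and m.group("status") == "200":
        reasons.append("likely_bypass")
    if not reasons:
        return None
    return {
        "client": m.group("client"),
        "target": target,
        "status": m.group("status"),
        "user": user,
        "suffix": suffix,
        "reasons": reasons,
    }


def scan(log_text):
    """Run classify() over every line and return the alerts in log order."""
    return [a for a in (classify(line) for line in log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

On the constructed sample this reports three lines: the 401 admin attempt on /config.htm (worth noting but not proof of compromise), the 200 response to the suffixed admin request from the same external client (the pattern the advisory describes), and an unauthenticated suffixed POST to /admin.htm. Run the same logic against real device or reverse-proxy logs that record the Authorization header, and treat any likely_bypass hit as a trigger for the configuration-integrity review in the next action.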
Evidence notes
Source evidence comes from the CISA CSAF advisory ICSA-26-069-02, published 2026-03-10. The advisory description states: "An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses \"admin\" as the username." The advisory assigns CVSS v3.1 9.8 and lists the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Remediation in the corpus recommends upgrading EDS3000PS to 3.2.0.0R2. The source references and advisory title also include EDS5000, but the detailed vulnerability text provided is specific to EDS3000PS.
Official resources
- CVE-2025-67039 CVE record (CVE.org)
- CVE-2025-67039 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed through CISA ICS Advisory ICSA-26-069-02, first published 2026-03-10. The supplied corpus does not include exploit code, proof-of-concept details, or attacker-campaign attribution.