PatchSiren cyber security CVE debrief
CVE-2025-67041 Unknown Vendor CVE debrief
CVE-2025-67041 is a command-injection issue in the Filesystem Browser TFTP client path described by CISA. The advisory says the host parameter is not properly sanitized and can be abused to escape the intended command and execute arbitrary commands with root privileges. CISA’s advisory title covers Lantronix EDS3000PS and EDS5000, but the vulnerability text specifically names EDS3000PS 3.1.0.0R2 and the remediation text calls for upgrading EDS3000PS to 3.2.0.0R2.
- Vendor: Unknown Vendor
- Product: Lantronix EDS3000PS 3.1.0.0R2; EDS5000 2.1.0.0R3
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-10
- Original CVE updated: 2026-03-10
- Advisory published: 2026-03-10
- Advisory updated: 2026-03-10
Who should care
OT and industrial-network defenders, Lantronix device owners, and operators who expose or administer EDS3000PS/EDS5000 management interfaces should treat this as a high-priority fix. It matters most where the Filesystem Browser/TFTP functionality is reachable by privileged users on production equipment.
Technical summary
The issue is a sanitization failure in the Filesystem Browser page’s TFTP client host parameter. According to the CISA CSAF text, an attacker can break out of the intended command and execute arbitrary commands as root. The supplied CVSS vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, which indicates network reachability, low attack complexity, no user interaction, unchanged scope and high confidentiality, integrity and availability impact, but high privileges required on the target.
Defensive priority
High. The impact is severe because successful abuse yields root-level arbitrary command execution, but the supplied CVSS vector also shows high privileges are required, which lowers urgency compared with unauthenticated remote code execution. Prioritize remediation on any exposed or shared administrative deployments.
Recommended defensive actions
- Upgrade affected Lantronix EDS3000PS systems to version 3.2.0.0R2 as recommended in the advisory.
- Confirm whether EDS5000 deployments are in scope for your environment and validate vendor guidance before and after remediation.
- Restrict access to device management interfaces and the Filesystem Browser to trusted administrative networks only.
- Audit for unexpected command execution, configuration changes, or filesystem/tftp activity on affected devices.
- Track this advisory as a patch-management item even though no KEV listing was supplied in the corpus.
Evidence notes
Primary evidence comes from the CISA CSAF advisory source item (ICSA-26-069-02), published 2026-03-10, which states that the host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized and can lead to arbitrary command execution with root privileges. The same source also provides the remediation recommendation to upgrade EDS3000PS to 3.2.0.0R2. The supplied data does not include a KEV entry. Product naming in the advisory is somewhat mixed: the title references EDS3000PS and EDS5000, while the vulnerability description specifically names EDS3000PS 3.1.0.0R2.
Official resources
- CVE-2025-67041 CVE record (CVE.org)
- CVE-2025-67041 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in CISA’s advisory on 2026-03-10; the supplied corpus shows an initial publication with no modification changes and no KEV designation.