{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67038", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-12T16:06:41.785Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-03-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T16:12:30.541Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://lantronix.com"}, {"url": "http://eds5000.com"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T16:04:58.981003Z", "id": "CVE-2025-67038", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:06:41.785Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67038", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T16:04:58.981003Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:05:43.751Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://lantronix.com"}, {"url": "http://eds5000.com"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T16:12:30.541Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67038", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:06:41.785Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*", "matchCriteriaId": "7C529D16-1DCD-4189-8543-F68094F235B8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*", "matchCriteriaId": "04B4C755-3690-44B1-900A-71C5BEB4A1C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*", "matchCriteriaId": "C9E5F912-430B-49D0-8E5A-B50B176DD50D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*", "matchCriteriaId": "B983DA3B-63DC-4981-A671-66A674234E80", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*", "matchCriteriaId": "4134547D-338A-4553-AAE7-5A2DFE374A20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*", "matchCriteriaId": "86808903-C99D-4C74-A1D2-3E708B2074D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Lantronix EDS5000 2.1.0.0R3. El m\u00f3dulo HTTP RPC ejecuta un comando de shell para escribir registros cuando la autenticaci\u00f3n del usuario falla. El nombre de usuario se concatena directamente con el comando sin ninguna sanitizaci\u00f3n. Esto permite a los atacantes inyectar comandos arbitrarios del sistema operativo en el par\u00e1metro de nombre de usuario. Los comandos inyectados se ejecutan con privilegios de root."}], "id": "CVE-2025-67038", "lastModified": "2026-03-19T20:12:13.740", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-11T17:16:52.010", "references": [{"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://eds5000.com"}, {"source": "[email protected]", "tags": ["Product"], "url": "http://lantronix.com"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.1.0.0R3"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "eds5000", "vendor": "lantronix"}], "created": "2026-03-12T10:06:36.926110+00:00", "updated": "2026-03-12T10:06:36.926187+00:00", "vendors": ["lantronix", "lantronix$PRODUCT$eds5000"]}