CVE-2025-67035 is a critical vulnerability discovered in Lantronix EDS5000 firmware version 2.1.0.0R3. The issue arises from improper input sanitization in the web interface's SSH Client and SSH Server management pages. Specifically, when performing delete operations on various objects such as server keys, user accounts, and known hosts, the input parameters are vulnerable to OS command injection (CWE-94). This allows an attacker to craft malicious input that injects arbitrary shell commands executed with root privileges on the device. The vulnerability requires no authentication and no user interaction, making it highly exploitable remotely over the network. The CVSS v3.1 base score is 9.8, reflecting the critical impact on confidentiality, integrity, and availability. The root-level command execution can lead to complete device takeover, data theft, network pivoting, or persistent backdoors. Despite the severity, no patches or public exploits have been reported yet. The affected product, Lantronix EDS5000, is an embedded device often used for secure device management and remote access in enterprise environments, increasing the risk profile. The vulnerability was reserved in December 2025 and published in March 2026, indicating recent discovery and disclosure.

The impact of CVE-2025-67035 is severe for organizations deploying Lantronix EDS5000 devices. Successful exploitation grants attackers root-level control over the device, enabling them to execute arbitrary commands, manipulate system configurations, exfiltrate sensitive data, or disrupt network operations. Since these devices often serve as gateways or management consoles for critical infrastructure, compromise can lead to lateral movement within corporate networks, undermining broader security postures. The lack of authentication and user interaction requirements means attackers can remotely exploit the vulnerability without prior access, increasing the attack surface. Potential consequences include full device compromise, network breaches, data loss, and operational downtime. Organizations relying on these devices for secure remote access or device management face heightened risks of espionage, sabotage, or ransomware deployment.

Given the absence of available patches, organizations should immediately implement compensating controls. These include isolating affected Lantronix EDS5000 devices on segmented networks with strict access controls and firewall rules limiting inbound connections to trusted sources only. Disable or restrict web interface access if possible, especially the SSH Client and Server management pages. Monitor network traffic and device logs for unusual command execution patterns or unauthorized access attempts. Employ network intrusion detection systems (NIDS) with signatures targeting command injection attempts. If feasible, replace or upgrade affected devices to versions confirmed to be patched once available. Additionally, enforce strong network segmentation to prevent attackers from pivoting from compromised devices to critical infrastructure. Regularly review and audit device configurations and access permissions to minimize exposure. Engage with Lantronix support for updates and advisories. Finally, prepare incident response plans specific to embedded device compromise scenarios.