CVE-2025-67035 is a vulnerability identified in Lantronix EDS5000 firmware version 2.1.0.0R3, specifically within the SSH Client and SSH Server web interface pages. The root cause is the lack of proper sanitization of input parameters in the delete actions for various objects such as server keys, users, and known hosts. This improper input validation allows an attacker to perform OS command injection, effectively inserting arbitrary commands that the system executes with root-level privileges. The vulnerability arises because the web interface directly passes user-supplied input to system commands without adequate filtering or escaping, leading to command injection. Given the root privilege execution, an attacker can fully control the device, potentially altering configurations, installing malware, or pivoting within the network. The vulnerability does not currently have a CVSS score, and no patches or fixes are publicly available at this time. No evidence of exploitation in the wild has been reported, but the severity and ease of exploitation make it a significant risk. The affected product, Lantronix EDS5000, is used in network infrastructure environments for secure device management, making this vulnerability particularly impactful for organizations relying on these devices for SSH access and network operations.

The impact of CVE-2025-67035 is severe due to the ability of an attacker to execute arbitrary commands with root privileges on affected Lantronix EDS5000 devices. This can lead to complete compromise of the device, including unauthorized access to sensitive network management functions, disruption of network services, and potential lateral movement within the organization's network. Attackers could modify or delete critical configuration files, create backdoors, or exfiltrate sensitive data. Since the vulnerability affects SSH management interfaces, it undermines the security of remote administration, which is often a critical control point in enterprise environments. Organizations using these devices in their infrastructure could face operational downtime, data breaches, and loss of trust. The lack of authentication or user interaction requirements (if confirmed) would further increase the risk of automated or remote exploitation. The absence of known exploits in the wild currently provides a window for mitigation, but the threat remains high given the nature of the vulnerability and the privileged execution context.

To mitigate CVE-2025-67035, organizations should immediately restrict access to the Lantronix EDS5000 management interfaces to trusted networks and administrators only, using network segmentation and firewall rules. Employ VPNs or secure tunnels to limit exposure of the device's web interface to the internet or untrusted networks. Monitor device logs for unusual command execution or access patterns indicative of exploitation attempts. Since no official patch is currently available, consider disabling or limiting the use of the affected SSH Client and Server web interface pages if possible. Engage with Lantronix support or vendors to obtain updates or patches as soon as they are released. Implement strict input validation and sanitization controls in any custom management interfaces or scripts interacting with these devices. Regularly audit and update device firmware and configurations to reduce attack surface. Finally, maintain an incident response plan tailored to network device compromise scenarios to quickly contain and remediate any exploitation.