CVE-2025-67036: n/a
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
AI Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2025-67036 is a command injection vulnerability identified in Lantronix EDS5000 firmware version 2.1.0.0R3. The vulnerability arises from insufficient input sanitization on the Log Info page, which allows authenticated users to specify log file names. Because the file name parameter is not properly sanitized, an attacker can inject arbitrary operating system commands. These commands are executed with root privileges, granting full control over the affected device. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code). The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with a network attack vector, low attack complexity, privileges required, and no user interaction. Although no public exploits are currently known, the vulnerability's nature and root-level execution make it a critical threat. The affected product, Lantronix EDS5000, is used in embedded device server applications, often in industrial or enterprise environments, increasing the potential impact of compromise. The lack of available patches at the time of disclosure necessitates immediate mitigation efforts.
Potential Impact
Successful exploitation of this vulnerability allows an authenticated attacker to execute arbitrary commands as root, leading to complete compromise of the affected device. This can result in unauthorized data access, modification, or deletion, disruption of device functionality, and potential pivoting to other network assets. Given the device's role in managing embedded systems or industrial equipment, exploitation could disrupt critical infrastructure operations or enterprise services. The high privileges granted to the attacker amplify the risk, enabling installation of persistent malware, data exfiltration, or launching further attacks within the network. Organizations relying on Lantronix EDS5000 devices face significant operational and security risks until the vulnerability is remediated.
Mitigation Recommendations
1. Immediately restrict access to the Lantronix EDS5000 management interface to trusted administrators and secure networks only.
2. Implement strong authentication and network segmentation to limit exposure of the vulnerable device.
3. Monitor logs and network traffic for unusual activities indicative of exploitation attempts.
4. If possible, disable or restrict access to the Log Info page or any functionality that allows specifying log file names until a patch is available.
5. Engage with Lantronix support to obtain any available firmware updates or security advisories addressing this issue.
6. Employ application-layer firewalls or intrusion prevention systems to detect and block command injection patterns targeting this device.
7. Conduct thorough security assessments of all embedded device servers in the environment to identify similar vulnerabilities.
8. Prepare incident response plans to quickly isolate and remediate affected devices in case of compromise.
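The root cause described above is a file name parameter that reaches the operating system unvalidated. As an added example (written for this page, not Lantronix code, and not a reflection of how the EDS5000 firmware is implemented), the following shows the two defensive pieces that recommendations 3, 4 and 6 call for: an allowlist check that confines a requested log name to a plain base name inside a fixed directory and reads the file without ever invoking a shell, and a small detector that runs the same check over web-server access-log lines to surface requests whose parameter value would have failed it. The endpoint path `/loginfo`, the parameter name `file`, the log directory and the sample log lines are all constructed assumptions.

```python
"""Allowlist validation of a log-file-name parameter, and detection of
malformed values in web-server access logs.

Added example for this page; it is not Lantronix code. The endpoint path,
parameter name, log directory and sample log lines are assumptions."""
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# A log name is a plain base name: letters, digits, dot, underscore, dash.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")
# Characters a POSIX shell interprets; none of them belong in a file name here.
SHELL_META = re.compile(r"[;|&`$<>(){}\\\n\r'\"]")


def check_log_name(name: str):
    """Return None if name is acceptable, otherwise a short reason string."""
    if SHELL_META.search(name):
        return "shell-metacharacter"
    if "/" in name or name.startswith("."):
        return "path-traversal"
    if not ALLOWED_NAME.fullmatch(name):
        return "unexpected-characters"
    return None


def safe_log_path(name: str, log_dir: str = "/var/log/device") -> str:
    """Map a validated name to a path confined to log_dir (assumed location)."""
    reason = check_log_name(name)
    if reason is not None:
        raise ValueError(f"rejected log name {name!r}: {reason}")
    base = Path(log_dir).resolve()
    path = (base / name).resolve()
    if path.parent != base:  # defence in depth against symlink or normalisation escapes
        raise ValueError(f"{name!r} resolves outside {base}")
    return str(path)


def read_log(name: str, log_dir: str = "/var/log/device") -> str:
    """Open the file directly: no shell is involved, so there is nothing to inject into."""
    with open(safe_log_path(name, log_dir), encoding="utf-8", errors="replace") as fh:
        return fh.read()


# Access-log format assumed here: Common Log Format with the request line quoted.
_LOG_LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_suspicious_requests(lines, endpoint="/loginfo", param="file"):
    """Return (client, user, decoded value, reason) for every request to the
    endpoint whose log-name parameter fails check_log_name. Values are
    URL-decoded first, so percent-encoded metacharacters are still caught."""
    hits = []
    for line in lines:
        m = _LOG_LINE.match(line)
        if not m:
            continue
        client, user, _method, target, _status = m.groups()
        parts = urlsplit(target)
        if parts.path != endpoint:
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            reason = check_log_name(value)
            if reason:
                hits.append((client, user, value, reason))
    return hits


# Constructed sample lines, not real traffic.
SAMPLE_LINES = [
    '10.0.0.5 - admin [18/Mar/2026:19:11:52 +0000] "GET /loginfo?file=system.log HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [18/Mar/2026:19:12:03 +0000] "GET /loginfo?file=system.log%3Bid HTTP/1.1" 200 64',
    '10.0.0.9 - admin [18/Mar/2026:19:12:40 +0000] "GET /loginfo?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1800',
    '10.0.0.7 - admin [18/Mar/2026:19:13:10 +0000] "GET /status HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LINES):
        print("suspicious:", hit)
```

The validation deliberately allowlists rather than strips or escapes: a name that is not a plain base name is rejected outright, and the resolved path is re-checked against the directory so a later change to the allowlist cannot silently reopen traversal. The detector reuses the same check, which keeps the monitoring rule and the server-side control from drifting apart.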
Affected Countries
United States, Germany, United Kingdom, Japan, South Korea, France, Canada, Australia, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-08T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69b1988f2f860ef9433d14ec
Added to database: 3/11/2026, 4:30:07 PM
Last enriched: 3/18/2026, 7:11:52 PM
Last updated: 4/28/2026, 6:08:52 AM
Views: 72