CVE-2025-67036 is a severe command injection vulnerability identified in Lantronix EDS5000 firmware version 2.1.0.0R3. The vulnerability arises from inadequate sanitization of the file name parameter on the Log Info page, which allows an authenticated attacker to inject arbitrary OS commands. These commands execute with root privileges, effectively granting full control over the device and potentially the network segment it resides on. The attack vector requires authentication, implying the attacker must have valid credentials or exploit another vulnerability to gain initial access. Once exploited, the attacker can manipulate system files, disrupt device operations, or pivot to other network assets. The lack of a CVSS score and absence of patches or public exploits indicate this is a newly disclosed issue. The device is commonly used in industrial and enterprise environments for device management and serial device server functions, making the vulnerability particularly impactful in operational technology (OT) and critical infrastructure contexts. The root-level command execution capability significantly elevates the threat level, as it bypasses typical privilege restrictions and security controls on the device.

The impact of CVE-2025-67036 is substantial for organizations using Lantronix EDS5000 devices. Successful exploitation allows attackers to execute arbitrary commands with root privileges, leading to full device compromise. This can result in unauthorized data access, manipulation or deletion of logs, disruption of device functionality, and potential lateral movement within the network. In industrial or critical infrastructure environments, this could cause operational downtime, safety risks, and loss of control over essential systems. The requirement for authentication limits exposure to some extent, but insider threats or compromised credentials could enable exploitation. The absence of patches means organizations remain vulnerable until a fix is released. Given the device’s role in network management and serial device connectivity, attackers could leverage this vulnerability to establish persistent footholds or launch further attacks on connected systems, amplifying the overall risk.

To mitigate CVE-2025-67036, organizations should immediately restrict access to the Lantronix EDS5000 management interface using network segmentation and firewall rules, limiting it to trusted administrators only. Enforce strong authentication mechanisms and rotate credentials regularly to reduce the risk of credential compromise. Monitor device logs and network traffic for unusual activities indicative of command injection attempts or unauthorized access. Disable or restrict the Log Info page functionality if possible until a patch is available. Employ intrusion detection/prevention systems (IDS/IPS) with signatures targeting command injection patterns. Engage with Lantronix support to obtain timelines for patches or firmware updates addressing this vulnerability. Consider deploying compensating controls such as application-layer gateways or proxy solutions that sanitize inputs before reaching the device. Finally, maintain an incident response plan tailored to OT environments to quickly contain and remediate any exploitation attempts.