CVE-2025-67037

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://eds5000.com	Not Applicable
http://lantronix.com	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*

cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*

cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*

cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-11 17:16

Updated : 2026-03-19 20:13

NVD link : CVE-2025-67037

Mitre link : CVE-2025-67037

CVE.ORG link : CVE-2025-67037

JSON object : View

Products Affected

lantronix

eds5032_firmware
eds5008_firmware
eds5032
eds5016
eds5008
eds5016_firmware

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-67037", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-03-11T17:16:51.900", "references": [{"url": "http://eds5000.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://lantronix.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the \"tunnel\" parameter when killing a tunnel connection. Injected commands are executed with root privileges."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad en Lantronix EDS5000 2.1.0.0R3. Un atacante autenticado puede inyectar comandos del sistema operativo en el par\u00e1metro 'tunnel' al finalizar una conexi\u00f3n de t\u00fanel. Los comandos inyectados se ejecutan con privilegios de root."}], "lastModified": "2026-03-19T20:13:48.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5032_firmware:2.1.0.0:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C529D16-1DCD-4189-8543-F68094F235B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5032:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04B4C755-3690-44B1-900A-71C5BEB4A1C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5008_firmware:2.1.0.0:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9E5F912-430B-49D0-8E5A-B50B176DD50D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5008:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B983DA3B-63DC-4981-A671-66A674234E80"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds5016_firmware:2.1.0.0:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4134547D-338A-4553-AAE7-5A2DFE374A20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds5016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86808903-C99D-4C74-A1D2-3E708B2074D8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}