CVE-2025-67035 · CRITICAL 9.8 · EPSS p34.1%


Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.1% · 2026-06-19T12:03:05Z
Published: 2026-03-11
Last modified: 2026-03-19

Underlying weaknesses · 1

CWE-94

References

  1. http://eds5000.com
  2. http://lantronix.com
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02


Type | Target | Confidence | Tier
Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-67034
  2. CVE-2025-67037
  3. CVE-2025-67036
  4. CVE-2025-67038
  5. CVE-2025-67041
  6. CVE-2025-70082

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.