CVE-2025-67041 · CRITICAL 9.8 · EPSS p34.3%

CVE-2025-67041

Description

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.3% · 2026-06-18T12:00:27Z
Published: 2026-03-11
Last modified: 2026-03-19

Underlying weaknesses · 3

CWE-78, CWE-288, CWE-620

References

  1. http://eds3000ps.com
  2. http://lantronix.com
  3. https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02


Type · Target · Confidence · Tier
Weakness · Authentication Bypass Using an Alternate Path or Channel (cwe-288) · 0% · live
Weakness · Unverified Password Change (cwe-620) · 0% · live
Weakness · Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (cwe-78) · 0% · live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-67036
  2. CVE-2025-67037
  3. CVE-2025-67035
  4. CVE-2025-67038
  5. CVE-2025-67034
  6. CVE-2025-67039

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.