CVE-2025-67035

OS Injection Vulnerabilities in Lantronix EDS5000 SSH Client and Server Pages Allow Remote Command Execution with Root Privileges

Description

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An attacker can inject arbitrary commands in delete actions of various objects, such as server keys, users, and known hosts. Commands are executed with root privileges.

INFO

Published Date :

2026-03-11T00:00:00.000Z

Last Modified :

2026-03-12T14:34:11.984Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-67035 vulnerability.

Vendors	Products
Lantronix	Eds5000 Eds5008 Eds5008 Firmware Eds5016 Eds5016 Firmware Eds5032 Eds5032 Firmware

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-67035.

URL	Resource
http://eds5000.com
http://lantronix.com
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact