An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
CVE-2025-67034
NONE
EPSS 0.04%
Updated Mar 11, 2026
Lantronix
CVE Details
CVE ID
CVE-2025-67034
Published Date
Mar 11, 2026
Vendor
Lantronix
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.04%
Likelihood of exploitation in next 30 days
Percentile:
13.5th percentile (higher than 13.5% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory