An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenticated attacker can inject arbitrary OS commands that are executed with root privileges.
CVE-2025-67036
NONE
EPSS 0.04%
Updated Mar 11, 2026
Lantronix
CVE Details
CVE ID
CVE-2025-67036
Published Date
Mar 11, 2026
Vendor
Lantronix
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.04%
Likelihood of exploitation in next 30 days
Percentile:
13.5th percentile (higher than 13.5% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory