An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "tunnel" parameter when killing a tunnel connection. Injected commands are executed with root privileges.
CVE-2025-67037
NONE
EPSS 0.04%
Updated Mar 11, 2026
Lantronix
CVE Details
CVE ID
CVE-2025-67037
Published Date
Mar 11, 2026
Vendor
Lantronix
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.04%
Likelihood of exploitation in next 30 days
Percentile:
13.5th percentile (higher than 13.5% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory