CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The Hacker News
Ravie Lakshmanan | Jun 24, 2026 | Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.
The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution of arbitrary commands with elevated privileges.
"The HTTP RPC module executes a shell command to write logs when the user's authentication fails," according to the vulnerability's description on CVE.org. "The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges."
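The flaw class described in that CVE text, shown as an added example that is not Lantronix code and not from the original article: the unsafe function builds a shell command line from the username, and the hardened functions validate the name and write the log through the file API with no shell involved. The command string, log paths, function names and the allow-list policy are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (hypothetical command line): the username is pasted
 * into a shell command. Only the string is built here; code with this flaw
 * would hand it to system(), where the shell interprets metacharacters. */
int build_log_cmd_unsafe(char *out, size_t n, const char *username) {
    return snprintf(out, n, "echo auth failed for %s >> /tmp/auth.log", username);
}

/* Hardened step 1: allow-list the username before it is used anywhere.
 * The 1-32 character [A-Za-z0-9._-] policy is an assumption of this sketch. */
int username_is_valid(const char *u) {
    size_t len = strlen(u);
    if (len == 0 || len > 32) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)u[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Hardened step 2: append the log entry with the file API so no shell ever
 * parses the value. Rejected names are logged as a fixed token, which also
 * stops embedded newlines from forging extra log lines. */
int log_auth_failure_safe(const char *path, const char *username) {
    FILE *f = fopen(path, "a");
    if (!f) return -1;
    const char *shown = username_is_valid(username) ? username : "<invalid-username>";
    int rc = fprintf(f, "auth failed for %s\n", shown);
    if (fclose(f) != 0 || rc < 0) return -1;
    return 0;
}

int main(void) {
    char cmd[256];
    const char *constructed = "bob; id";   /* constructed sample input */
    build_log_cmd_unsafe(cmd, sizeof cmd, constructed);
    printf("a shell would parse: %s\n", cmd);       /* ';' splits the command */
    printf("passes allow-list: %d\n", username_is_valid(constructed));
    return log_auth_failure_safe("auth_demo.log", constructed) == 0 ? 0 : 1;
}
```

When reviewing firmware or services for this pattern, look for `system()` or `popen()` calls whose argument is assembled from request fields, including on failure paths such as login errors.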
The security flaw was disclosed by Forescout Research Vedere Labs in April 2026 as part of a broader set of vulnerabilities collectively codenamed BRIDGE:BREAK that impacted serial-to-IP converters from Lantronix and Silex. There are currently no details on how the vulnerability is being exploited, or who is making the effort.
The disclosure comes as CISA also confirmed active exploitation of three maximum-severity security defects in Ubiquiti UniFi OS, days after Defused Cyber said it detected in-the-wild abuse of the remote code execution chain comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to deploy commodity malware.
CVE-2026-34908 - An improper input validation vulnerability that could allow a malicious actor with access to the network to conduct command injection.
CVE-2026-34909 - A path traversal vulnerability that could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-34910 - An improper access control vulnerability that could allow a malicious actor with access to the network to make unauthorized changes to the system.
Earlier this month, Bishop Fox detailed a proof-of-concept (PoC) that chains together the three shortcomings to obtain a reverse shell with full root privileges in a single request. Patches for the flaws were released by Ubiquiti late last month.
"The vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems, highly impacting the confidentiality, integrity, and availability of targeted devices," Belgium's Centre for Cybersecurity said.
"Given that UniFi OS devices are often centrally integrated into networks, successful compromise could enable lateral movement and broader network compromise."