
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The Hacker News Archived Jun 24, 2026 ✓ Full text saved



Ravie Lakshmanan | Jun 24, 2026 | Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.

The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution of arbitrary commands with elevated privileges.

"The HTTP RPC module executes a shell command to write logs when the user's authentication fails," according to the vulnerability's description on CVE.org. "The username is directly concatenated with the command without any sanitization. This allows attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges."

The security flaw was disclosed by Forescout Research Vedere Labs in April 2026 as part of a broader set of vulnerabilities collectively codenamed BRIDGE:BREAK that impacted serial-to-IP converters from Lantronix and Silex. There are currently no details on how the vulnerability is being exploited, or who is making the effort.

The disclosure comes as CISA also confirmed active exploitation of three maximum-severity security defects in Ubiquiti UniFi OS, days after Defused Cyber said it detected in-the-wild abuse of the remote code execution chain comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910 to deploy commodity malware.

CVE-2026-34908 - An improper input validation vulnerability that could allow a malicious actor with access to the network to conduct command injection.
CVE-2026-34909 - A path traversal vulnerability that could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-34910 - An improper access control vulnerability that could allow a malicious actor with access to the network to make unauthorized changes to the system.

Earlier this month, Bishop Fox detailed a proof-of-concept (PoC) that chains together the three shortcomings to obtain a reverse shell with full root privileges in a single request. Patches for the flaws were released by Ubiquiti late last month.

"The vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems, highly impacting the confidentiality, integrity, and availability of targeted devices," Belgium's Centre for Cybersecurity said. "Given that UniFi OS devices are often centrally integrated into networks, successful compromise could enable lateral movement and broader network compromise."
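The flaw class in the CVE-2025-67038 description quoted above (a failed-login log entry written through a shell command with the username concatenated in) can be seen in this added C example, which is not Lantronix code and not part of the original article. It sets the flawed pattern beside a logger that never invokes a shell; the command format, log path and function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical log path and command format; the firmware's own are not on the page. */
#define LOG_PATH "/tmp/rpc_auth_example.log"

/* Flawed pattern from the CVE description: username concatenated into a shell
 * command. The string is only built for inspection, never handed to system(). */
int build_log_cmd_vulnerable(char *out, size_t n, const char *user) {
    return snprintf(out, n, "echo \"auth failed: %s\" >> %s", user, LOG_PATH);
}

/* Hardened form, step 1: treat the username as data. Copy at most 64 bytes and
 * hex-escape quotes, backslashes and non-printable bytes (blocks log forging). */
size_t format_auth_failure(char *line, size_t n, const char *user) {
    if (n < 32) return 0;                       /* buffer too small for the prefix */
    size_t k = (size_t)snprintf(line, n, "auth failed: user=\"");
    for (size_t i = 0; user[i] != '\0' && i < 64 && k + 7 < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (isprint(c) && c != '"' && c != '\\')
            line[k++] = (char)c;
        else
            k += (size_t)snprintf(line + k, 5, "\\x%02x", (unsigned)c);
    }
    line[k++] = '"';
    line[k++] = '\n'; line[k] = '\0';
    return k;
}

/* Step 2: append with open(2)/write(2); no shell is involved at any point. */
int log_auth_failure(const char *path, const char *user) {
    char line[320];
    size_t k = format_auth_failure(line, sizeof line, user);
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    if (fd < 0) return -1;
    ssize_t w = write(fd, line, k);
    close(fd);
    return w == (ssize_t)k ? 0 : -1;
}

int main(void) {
    const char *user = "guest\"; echo INJECTED; \"";   /* constructed input */
    char cmd[256];
    build_log_cmd_vulnerable(cmd, sizeof cmd, user);
    printf("vulnerable command line: %s\n", cmd);
    return log_auth_failure(LOG_PATH, user) == 0 ? 0 : 1;
}
```

In the flawed builder the constructed username closes the quoted string and the shell would see a second command; in the hardened logger the same bytes end up as inert text in a single log line.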