
June 25, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a critical security vulnerability affecting Lantronix EDS5000 Series devices. The flaw, tracked as CVE-2025-67038, carries a near-maximum CVSS score of 9.8, reflecting its severe potential impact. The vulnerability is classified as a code injection flaw, meaning attackers who successfully exploit it could execute arbitrary code on affected systems.
In response to the confirmed active exploitation, CISA has directed Federal Civilian Executive Branch (FCEB) agencies to apply available patches and mitigations no later than June 26, 2026. The Lantronix EDS5000 Series devices are typically used in industrial and enterprise environments to manage serial device connectivity over networks, making them potentially high-value targets for threat actors seeking access to critical infrastructure or sensitive operational systems.
Organizations using Lantronix EDS5000 Series hardware are strongly advised to review CISA’s advisory and prioritize patching as soon as possible, regardless of whether they fall under the FCEB mandate. Given the critical severity rating and confirmed exploitation in the wild, delaying remediation significantly increases the risk of a successful cyberattack, potentially leading to unauthorized system access, data compromise, or broader network disruption.




