CISA issued an alert on Tuesday warning that a critical vulnerability in Lantronix EDS5000 Series devices is being actively exploited, urging federal agencies to apply fixes by June 26, 2026.
The flaw, tracked as CVE-2025-67038 (CVSS 9.8), is a code injection vulnerability in the device’s HTTP RPC module. When a user fails authentication, the module executes a shell command to write logs — but the username parameter is directly concatenated into the command without any sanitization. That lets attackers inject arbitrary OS commands that run with root privileges.
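The pattern described above, as an added illustration that is not Lantronix's code and not drawn from the advisory: a failed-login handler that concatenates the raw username into a shell command line, the hardened counterpart that passes the username as a single argv element after an allowlist check, and a small detector that flags auth-failure log lines whose username carries shell metacharacters. All function names, regular expressions and the sample log lines are constructed for this example.

```python
"""Illustrative Python (not the device firmware): command-injection anti-pattern
in a login-failure logging path, its hardened form, and a log-line check."""
import re
from typing import List

# Characters that mean something to /bin/sh when a string is interpolated into
# a command line. Any of them inside a "username" is a red flag.
SHELL_METACHARS = re.compile(r"[;&|`$(){}<>\n\\]")

# Allowlist for usernames: letters, digits, dot, dash, underscore, 1-64 chars.
USERNAME_OK = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def vulnerable_log_command(username: str) -> str:
    """The anti-pattern: the raw username becomes part of a shell command line.
    Returned rather than executed so the example runs safely; if this string
    were handed to a shell, everything after a ';' or inside $(...) in the
    username would be parsed as further commands."""
    return "logger -t auth login failed for user " + username


def hardened_log_argv(username: str) -> List[str]:
    """Hardened form when an external logger must be used: validate against the
    allowlist, then hand the username to subprocess.run(argv) (shell=False) as
    one argv element, so metacharacters are inert. Rejected names are replaced
    with a fixed marker instead of being forwarded."""
    if not USERNAME_OK.match(username):
        username = "<invalid>"
    return ["logger", "-t", "auth", "login failed for user " + username]


# Constructed sample auth-failure lines in a syslog-like shape; two of them
# carry usernames that no legitimate login would produce.
SAMPLE_LOG = """\
auth: login failed for user admin
auth: login failed for user admin;id
auth: login failed for user `id`
auth: login failed for user j.doe
"""

_FAILED_LOGIN = re.compile(r"login failed for user (.*)$")


def suspicious_usernames(log_text: str) -> List[str]:
    """Return usernames from failed-login lines that contain shell
    metacharacters: candidate injection attempts worth alerting on."""
    hits = []
    for line in log_text.splitlines():
        m = _FAILED_LOGIN.search(line)
        if m and SHELL_METACHARS.search(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    print(vulnerable_log_command("admin;id"))
    print(hardened_log_argv("admin;id"))
    print(suspicious_usernames(SAMPLE_LOG))
```

The detector is deliberately narrow: it keys on the exact log message shape used here, so adapt the `_FAILED_LOGIN` pattern to the real device's log format before running it over production logs. The allowlist is the important control; denylisting individual metacharacters is easy to get wrong.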
The vulnerability was disclosed by Forescout Research Vedere Labs in April 2026 as part of a broader set of flaws codenamed BRIDGE:BREAK, affecting serial-to-IP converters from both Lantronix and Silex. There are no details yet on who is exploiting it or how.
The alert comes alongside CISA’s confirmation of active exploitation of three maximum-severity Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) that have been chained together to deploy commodity malware. Patches for the UniFi flaws were released by Ubiquiti late last month.
Organizations running Lantronix EDS5000 devices should prioritize patching immediately.
