Lantronix EDS5000 Serial-to-IP Converter Vulnerability Exploited in Wild
CVE-2025-67038 in Lantronix EDS5000 devices enables unauthenticated remote code execution with root privileges; CISA confirms active exploitation targeting OT environments.
Attack Brief
Target: Lantronix EDS5000 serial-to-IP device servers
Vector: Unauthenticated OS command injection via username parameter leading to root-level code execution
Attribution: unattributed
Technical Details
CVE IDs: CVE-2025-67038
MITRE ATT&CK: T1190, T1059
Affected: Lantronix EDS5000 serial-to-IP device servers
Impact
Sectors: operational technology, industrial, healthcare
Confirmed Damage: Full device compromise enabling lateral movement, command and control establishment, data exfiltration, and network disruption; potential manipulation of sensor readings to conceal dangerous conditions
Geography: United States
Mitigation
Detection: ZoomEye reports thousands of internet-exposed Lantronix systems; CISA added CVE-2025-67038 to the Known Exploited Vulnerabilities catalog on June 23, 2026
Context
Similar Attacks: CVE-2025-67038 is one of 20 serial-to-IP product vulnerabilities collectively tracked as BRIDGE:BREAK, disclosed by Forescout in April 2026, affecting Lantronix and Silex products with demonstrated capability to manipulate sensor readings and deploy malicious firmware
Source
https://www.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/ on 2026-06-25T00:00:00Z (2 sources)