ICSA-26-069-02  ·  Published 2026-03-10

Lantronix EDS3000PS and EDS5000

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges.

Remediations

  • For vulnerabilities CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, and CVE-2025-67038, Lantronix recommends users upgrade to EDS5000 version 2.2.0.0R1. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032.
  • For vulnerabilities CVE-2025-67039, CVE-2025-70082, and CVE-2025-67041, Lantronix recommends users upgrade to EDS3000PS version 3.2.0.0R2. The patch can be found here: https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/1349189633/Latest+Firmware+for+the+EDS3000PS+series.

Affected Vendors

Lantronix

Affected Products (2)

Lantronix · EDS3000PS 3.1.0.0R2
Lantronix · EDS5000 2.1.0.0R3

Affected Sectors

Communications, Information Technology, Critical Manufacturing
