ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

CISA urges action on actively exploited Lantronix EDS5000 code injection bug

Source headline: CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 18 hours ago

Intelligence Summary

CISA warns that a critical code injection vulnerability affecting Lantronix EDS5000 Series devices is being actively exploited. The flaw, tracked as CVE-2025-67038, has a very high CVSS score of 9.8. Successful exploitation could allow attackers to run malicious code on impacted systems. CISA recommends Federal Civilian Executive Branch agencies apply the vendor fixes by June 26, 2026. Organizations using EDS5000 devices should assess exposure and patch or mitigate as soon as possible.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#active-exploitation #code-injection #cve-2025-67038 #eds5000 #lantronix
Original reporting The Hacker News CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
Open original source

Related Pulse Signals

View all signals
High · Vulnerabilities Lantronix Serial-to-IP Converter CVE-2025-67038 reportedly exploited after OT alert High · Vulnerabilities GitLab issues security fixes for code execution and information leaks Critical · Vulnerabilities Chrome 149 patches 18 serious memory-safety bugs, including use-after-free Critical · Vulnerabilities Cisco SD-WAN zero-day CVE-2026-20245 reportedly exploited months pre-patch