Lantronix EDS3000PS and EDS5000

Act Now9.8ICS-CERT ICSA-26-069-02Mar 10, 2026

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Lantronix EDS5000 and EDS3000PS devices contain multiple authentication bypass and command execution vulnerabilities (CVE-2025-67034 through CVE-2025-67038) that allow unauthenticated network attackers to execute arbitrary commands with root-level privileges. These devices are serial device servers commonly used to provide remote network access to legacy industrial equipment. Successful exploitation could allow complete compromise of the device and the serial-connected equipment it manages.

What this means

What could happen

An attacker could bypass authentication on Lantronix EDS serial device servers and execute commands with root privileges, potentially allowing manipulation of connected serial-based industrial equipment, disruption of remote access to control systems, or complete compromise of the device.

Who's at risk

Water utilities and municipal utilities operating Lantronix EDS3000PS or EDS5000 serial device servers—these are used to provide remote network access to legacy serial-based control devices (SCADA, telemetry gateways, RTUs, PLCs with serial ports). Manufacturing and other process industries using these devices are also affected.

How it could be exploited

An attacker on the network sends specially crafted authentication requests to the EDS device's management interface (likely port 9001 or SSH). Due to authentication bypass vulnerabilities, the attacker gains access without valid credentials and executes arbitrary commands with root-level privileges to install backdoors, alter device configuration, or disable remote management.

Prerequisites

Network access to the EDS device management interface (likely port 9001 for web interface or port 22 for SSH)
No authentication credentials required—vulnerabilities allow authentication bypass

remotely exploitableno authentication requiredlow complexitycritical CVSS (9.8)affects legacy control system accessdefault or weak credential risk on older firmware

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

1 with fix1 pending

ProductAffected VersionsFix Status

EDS5000: 2.1.0.0R32.1.0.0R32.2.0.0R1

EDS3000PS: 3.1.0.0R23.1.0.0R2No fix yet

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGFor EDS3000PS, contact Lantronix support for patch status and timeline; if no patch is available, implement workarounds below

WORKAROUNDRestrict network access to EDS device management interfaces (ports 9001, 22) using firewall rules; allow only from authorized engineering workstations or administrative networks

HARDENINGDeploy EDS devices behind a network boundary (firewall or air gap) separate from the business network and internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade EDS5000 devices to firmware version 2.2.0.0R1 or later

HARDENINGIf remote access to EDS devices is required, use a VPN with current security patches and multi-factor authentication to mediate access

CVEs (8)

CVE-2025-67039 CVE-2025-70082 CVE-2025-67041 CVE-2025-67034 CVE-2025-67035 CVE-2025-67036 CVE-2025-67037 CVE-2025-67038

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e8d81825-8978-4185-b147-2c38374369d3