CVE-2025-67034

Name of the Vulnerable Software and Affected Versions Lantronix EDS5000 version 2.1.0.0R3

Description An authenticated attacker can inject operating system commands into the name parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges. The affected API endpoint is the SSL credential deletion function within the management interface.

Recommendations Versions prior to 2.1.0.0R3 are potentially vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.