CVE-2025-67041

{"id": "CVE-2025-67041", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-11T17:16:52.243", "references": [{"url": "http://eds3000ps.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://lantronix.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-288"}, {"lang": "en", "value": "CWE-620"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Lantronix EDS3000PS 3.1.0.0R2. El par\u00e1metro host del cliente TFTP en la p\u00e1gina del navegador de archivos no se sanea correctamente. Esto puede explotarse para escapar del comando original y ejecutar uno arbitrario con privilegios de root."}], "lastModified": "2026-03-19T20:09:32.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds3016ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E17D9A3-EC74-42A2-B843-A877EF4D5AF5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds3016ps1ns:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8AA79DF0-DBD7-46EA-AFD1-62C0A570DBBF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds3008ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4140D69-4C70-4C1B-B533-578824E0081F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds3008ps1ns:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1227ACA-94C1-4532-84AD-0F5495CCFE3F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}