Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

SecurityWeek, 25/06/2026, 11:23

Summary

AI-Generated

Key Points:

  • CVE-2025-67038 is a critical vulnerability in Lantronix EDS5000 serial-to-IP device servers, allowing unauthenticated attackers to execute arbitrary OS commands with root privileges.
  • The vulnerability poses significant risks to operational technology (OT) systems, particularly in industrial and healthcare environments, potentially leading to manipulation of sensor readings and disruption of services.
  • Organizations are advised to patch affected devices immediately and monitor for unusual network activity indicative of exploitation.

Technical Details: CVE-2025-67038 allows attackers to inject commands into a username parameter, enabling full control over the device. This can facilitate lateral movement within networks and the establishment of command and control channels.
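
One way to act on the monitoring advice, as an added example (not code from SecurityWeek or Lantronix): a Python scan of login-request logs that flags `username` values carrying shell metacharacters or falling outside an allowlist. The `<source-ip> <form-body>` log format, the field name `username`, the allowlist and the sample lines are assumptions constructed for illustration; the page does not describe the request format.

```python
import re
from urllib.parse import parse_qsl

# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r'\"]")
# Assumed site policy for legitimate login names (adjust to local naming rules).
VALID_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")

# Constructed sample lines in an assumed "<source-ip> <form-body>" format.
SAMPLE_LOG = [
    "10.0.5.21 username=admin&password=x",
    "10.0.5.44 username=op%3Becho+test&password=x",
    "10.0.5.44 username=tech%60id%60&password=x",
    "10.0.5.90 username=svc%253Bid&password=x",
    "10.0.5.21 username=j.smith%40plant.example&password=x",
]

def classify(value):
    """Return a reason string if the decoded username looks hostile, else None."""
    if SHELL_META.search(value):
        return "shell-metacharacter"
    if not VALID_USERNAME.fullmatch(value):
        # Catches double-encoded input, spaces, empty names and control bytes.
        return "outside-allowlist"
    return None

def scan(lines, field="username"):
    """Return (line_no, source_ip, decoded_value, reason) for each flagged line."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        source_ip, _, body = line.strip().partition(" ")
        # parse_qsl URL-decodes once, so encoded metacharacters are seen in clear.
        for key, value in parse_qsl(body, keep_blank_values=True):
            if key != field:
                continue
            reason = classify(value)
            if reason:
                hits.append((line_no, source_ip, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allowlist check belongs on any proxy or gateway placed in front of the device, where a request can be rejected before it reaches the unpatched firmware.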

MITRE ATT&CK Techniques:

  • T1203 - Exploitation for Client Execution (Initial Access)
  • T1059.003 - Command and Scripting Interpreter: Windows Command Shell (Execution)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1041 - Exfiltration Over Command and Control Channel (Exfiltration)

IOCs Mentioned: None mentioned
