CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Tuesday regarding the active exploitation of a critical security vulnerability, CVE-2025-67038, affecting Lantronix EDS5000 Series devices. This code injection flaw carries a CVSS score of 9.8, indicating a severe risk of remote code execution. CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies implement the necessary security patches by June 26, 2026, to mitigate the threat. Exploitation of this vulnerability could allow unauthorized actors to gain control over affected devices, potentially disrupting critical infrastructure operations and leading to data breaches. Lantronix has released firmware updates to address the issue, and agencies are advised to verify that these updates were applied successfully. Given the ongoing exploitation, CISA emphasized the urgency of the situation and recommended immediate action to secure these devices.
Original source: The Hacker News