24 June 2026
Reference: CVE-2025-67038
1. What is being reported?
The Lantronix EDS5000 device has a security weakness known as a code injection vulnerability. This means attackers can insert harmful software into the device, which could let them take control or disrupt its normal operation.
2. What this means in plain English
If your business uses this device, attackers might be able to access your network or data through it. This could lead to data loss, disruption of services, or other security problems. Because this vulnerability is actively being exploited, it is important to address it promptly.
3. Could this affect a small business?
Small businesses that use Lantronix EDS5000 devices, especially those connected to the internet or cloud services, are at risk. If you do not use this device, or it is not connected externally, you are likely not affected.
4. What to do now
- Check if your business uses Lantronix EDS5000 devices.
- Contact your IT provider or Lantronix support to get and apply the recommended security updates or mitigations immediately.
- If no fix is available, consider disconnecting the device from the internet or cloud services until it is secured.
- Review your network exposure and follow official guidance on prioritising security updates based on risk.
5. Ask your IT provider
Can you confirm if our Lantronix EDS5000 devices are affected by the CVE-2025-67038 vulnerability, and what steps are being taken to apply the necessary security updates or mitigations?
6. Bottom line
If you use Lantronix EDS5000 devices, act now to secure them against an actively exploited vulnerability.
Information based on CISA KEV and reputable security reporting.