CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The US Cybersecurity and Infrastructure Security Agency has warned that a critical security flaw in Lantronix EDS5000 Series devices is being actively exploited. The vulnerability, identified as CVE-2025-67038 with a CVSS score of 9.8, is a code injection flaw that could allow for code execution. CISA is urging Federal Civilian Executive Branch agencies to apply fixes by June 26, 2026. The flaw poses a significant risk due to its high CVSS score, indicating a severe vulnerability. CISA's warning suggests that the exploitation of this flaw is an ongoing threat.