CyberSecurity News

Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

SecurityWeek

· June 25, 2026

AI summary

A vulnerability in Lantronix Serial-to-IP converters is being exploited in attacks. The flaw, identified as CVE-2025-67038, was disclosed in April as part of the BRIDGE:BREAK research project, which focused on operational technology threats.

Vulnerabilities mentioned

An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.

Read the full article at SecurityWeekwww.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to SecurityWeek.