The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw affecting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to implement a fix by June 26, 2026.
The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution of arbitrary commands with elevated privileges.
According to the vulnerability's description on CVE.org, “The HTTP RPC module executes a shell command to write a log if the user’s authentication fails. The username is directly appended to the command without any sanitization. This allows attackers to inject arbitrary OS commands in the username parameter. The injected commands are executed with root privileges.”
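The bug class described in the CVE text, as an added illustration (not Lantronix firmware code and not taken from the advisory): a username pasted into a shell command line, next to a handler that writes the log entry without invoking a shell. The command string, log path, function names and the 32-character allowlist are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_USER 32 /* assumed limit, not from the advisory */

/* VULNERABLE pattern (illustrative; command and path are hypothetical):
 * the username is pasted into a string meant for a shell, so characters
 * such as ; | & $ ` change what the shell executes. */
const char *vulnerable_log_cmd(const char *user) {
    static char cmd[256];
    snprintf(cmd, sizeof cmd, "echo login failed: %s >> /tmp/auth.log", user);
    return cmd; /* a real handler would hand this to system() or popen() */
}

/* Allowlist check: 1..MAX_USER characters from [A-Za-z0-9._-] only. */
int username_is_safe(const char *user) {
    size_t len = strlen(user);
    if (len == 0 || len > MAX_USER) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* HARDENED: no shell at all. The entry is written with stdio, and a
 * username that fails the allowlist is never echoed, only its length
 * (this also blocks newline-based log forging).
 * Returns 0 if logged verbatim, 1 if withheld, -1 on I/O error. */
int log_auth_failure(FILE *log, const char *user) {
    int withheld = !username_is_safe(user);
    int rc = withheld
        ? fprintf(log, "login failed: <rejected username, %zu bytes>\n", strlen(user))
        : fprintf(log, "login failed: %s\n", user);
    return rc < 0 ? -1 : withheld;
}

int main(void) {
    /* Constructed inputs, not captured traffic. */
    const char *samples[] = { "operator1", "guest; echo INJECTED" };
    for (int i = 0; i < 2; i++) {
        printf("shell would see: %s\n", vulnerable_log_cmd(samples[i]));
        log_auth_failure(stdout, samples[i]);
    }
    return 0;
}
```

The fix that matters is removing the shell from the logging path; the allowlist is a second layer that keeps hostile strings out of the log itself.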
The security flaw was disclosed by Forescout Research Vedere Labs in April 2026 as part of a broader set of vulnerabilities, collectively named BRIDGE:BREAK, that affected serial-to-IP converters from Lantronix and Silex. There are currently no details on how the vulnerability is being exploited, or who is behind the attempts.
The disclosure comes as CISA also confirmed active exploitation of three maximum-severity security flaws in Ubiquiti UniFi OS, days after Diffuse Cyber said it had discovered in-the-wild abuse of the remote code execution chain, comprising CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, to deploy commodity malware.
- CVE-2026-34908 – An improper input validation vulnerability that could allow a malicious actor with access to the network to conduct command injection.
- CVE-2026-34909 – A path traversal vulnerability that could allow a malicious actor with network access to access files on the underlying system that could be manipulated to access the underlying account.
- CVE-2026-34910 – An improper access control vulnerability that could allow a malicious actor with network access to make unauthorized changes to the system.
Earlier this month, Bishop Fox detailed a proof-of-concept (PoC) that chains the three vulnerabilities to obtain a reverse shell with full root privileges in a single request. Patches for the flaws were released by Ubiquiti late last month.
“The vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands on vulnerable systems, which could drastically impact the confidentiality, integrity, and availability of targeted devices,” the Belgian Center for Cyber Security said.
“Given that UniFi OS devices are often centrally integrated into networks, successful compromise could enable lateral movement and broader network compromise.”