ctipilot.ch


CVE-2025-67038 — Lantronix EDS5000 serial-to-IP converters: unauthenticated command injection to root (BRIDGE:BREAK, CISA KEV)

From CTI Weekly Summary — 2026-W26 (Jun 22 – Jun 28, 2026) · published 2026-06-29

Forescout Vedere Labs' BRIDGE:BREAK research documented an unauthenticated OS command-injection flaw in Lantronix EDS5000-series device servers: the HTTP management interface concatenates unsanitised input into a shell call. The in-window development is its CISA KEV listing on 2026-06-23 with confirmed in-the-wild exploitation (covered in daily 06-24), making it the first BRIDGE:BREAK flaw to flip from research to active abuse. Serial-to-IP converters sit in front of OT, building-management and medical serial devices; firmware 2.0.0R1 closes the flaw. This is an energy/water/healthcare exposure, not an IT one.
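For triage against the fixed release named above, the following added example (not code from this brief, Forescout or Lantronix) sorts an asset inventory into unpatched, fixed and needs-review EDS5000 entries. The CSV columns, host names and sample versions are constructed, and the version layout is an assumption inferred only from the string "2.0.0R1".

```python
import csv
import io
import re

FIXED_FIRMWARE = "2.0.0R1"  # fixed release named in the brief

# Assumption: versions look like MAJOR.MINOR.PATCH "R" REVISION, inferred only
# from the string "2.0.0R1"; anything else is sent to manual review.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)R(\d+)$", re.IGNORECASE)

# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE_INVENTORY = """host,model,firmware
ot-gw-01,EDS5000,1.1.0R4
ot-gw-02,EDS5000,2.0.0R1
bms-gw-03,EDS5000,unknown
it-sw-04,OtherSwitch,9.9.9R9
med-gw-05,eds5000,2.0.0r3
"""


def parse_version(text):
    """Return a comparable tuple, or None if the string does not fit the assumed layout."""
    m = _VERSION.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory_csv, fixed=FIXED_FIRMWARE):
    """Map each EDS5000 host to 'unpatched', 'fixed' or 'review'."""
    fixed_v = parse_version(fixed)
    verdicts = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "EDS5000" not in row["model"].upper():
            continue  # other device families are out of scope here
        version = parse_version(row["firmware"])
        if version is None:
            # Never guess: an unreadable version is neither safe nor unpatched.
            verdicts[row["host"]] = "review"
        elif version < fixed_v:
            verdicts[row["host"]] = "unpatched"
        else:
            verdicts[row["host"]] = "fixed"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts that land in "review" should be checked by hand rather than assumed patched.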