ctipilot.ch


CVE-2025-67038 — Lantronix EDS5000 serial-to-IP converters: unauthenticated command injection to root (BRIDGE:BREAK, CISA KEV)

notable vulnerability discovered 2026-06-29 00:21 UTC

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

Forescout Vedere Labs' BRIDGE:BREAK research documented an unauthenticated OS command-injection flaw in Lantronix EDS5000-series device servers: the HTTP management interface concatenates unsanitised input into a shell call. The in-window development is its CISA KEV listing on 2026-06-23 with confirmed in-the-wild exploitation (covered in daily 06-24), making it the first BRIDGE:BREAK flaw to flip from research to active abuse. Serial-to-IP converters sit in front of OT, building-management and medical serial devices, so this is an energy/water/healthcare exposure, not an IT one. Firmware 2.0.0R1 closes the flaw.


vulnerabilities actively-exploited cisa-kev pre-auth rce ot-ics patch-available global europe CVE-2025-67038