CVE-2025-70082

Lantronix · EDS3000PS

The Lantronix EDS3000PS v.3.1.0.0R2 contains a vulnerability in the ltrx_evo component that allows remote attackers to execute arbitrary code and access sensitive information.

Executive summary

The Lantronix EDS3000PS device is vulnerable to remote code execution, posing a critical risk of total system compromise.

Vulnerability

This vulnerability resides in the ltrx_evo component, which fails to properly sanitize inputs, allowing an unauthenticated attacker to execute arbitrary code and retrieve sensitive data.

Business impact

With a CVSS score of 9.8, this vulnerability represents a critical threat to organizational integrity. Successful exploitation allows an attacker to gain full control over the device, potentially leading to unauthorized data exfiltration, lateral movement within the network, and significant operational disruption.

Remediation

Immediate Action: Update the Lantronix EDS3000PS firmware to the latest available vendor-supplied version immediately.

Proactive Monitoring: Monitor device access logs for unusual ltrx_evo component activity and investigate any unexpected outbound network traffic originating from the device.

Compensating Controls: Implement strict network segmentation and apply access control lists (ACLs) to limit access to the device management interface to trusted administrative IP addresses only.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability is highly severe and requires immediate attention to prevent unauthorized access. Administrators should prioritize patching the affected firmware versions to eliminate the code execution vector and secure the device environment.