CVE-2025-70082
Lantronix · EDS3000PS
The Lantronix EDS3000PS v.3.1.0.0R2 contains a vulnerability in the ltrx_evo component that allows remote attackers to execute arbitrary code and access sensitive information.
Executive summary
The Lantronix EDS3000PS device is vulnerable to remote code execution, posing a critical risk of total system compromise.
Vulnerability
This vulnerability resides in the ltrx_evo component, which fails to properly sanitize inputs, allowing an unauthenticated attacker to execute arbitrary code and retrieve sensitive data.
Business impact
With a CVSS score of 9.8, this vulnerability represents a critical threat to organizational integrity. Successful exploitation allows an attacker to gain full control over the device, potentially leading to unauthorized data exfiltration, lateral movement within the network, and significant operational disruption.
Remediation
Immediate Action: Update the Lantronix EDS3000PS firmware to the latest available vendor-supplied version immediately.
Proactive Monitoring: Monitor device access logs for unusual ltrx_evo component activity and investigate any unexpected outbound network traffic originating from the device.
Compensating Controls: Implement strict network segmentation and apply access control lists (ACLs) to limit access to the device management interface to trusted administrative IP addresses only.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is highly severe and requires immediate attention to prevent unauthorized access. Administrators should prioritize patching the affected firmware versions to eliminate the code execution vector and secure the device environment.