ГлавнаяУязвимости → CVE-2025-67041
9.8критическая

CVE-2025-67041

Описание

An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The host parameter of the TFTP client in the Filesystem Browser page is not properly sanitized. This can be exploited to escape from the original command and execute an arbitrary one with root privileges.

Затрагиваемое ПО
Lantronix Eds3016ps1ns firmwareLantronix Eds3016ps1nsLantronix Eds3008ps1ns firmwareLantronix Eds3008ps1ns
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02