{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-67039", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-12T16:09:15.255Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-03-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T16:13:27.031Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses \"admin\" as the username."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://lantronix.com"}, {"url": "http://eds3000ps.com"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-288", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T16:07:27.780188Z", "id": "CVE-2025-67039", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:09:15.255Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-67039", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-12T16:07:27.780188Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T16:08:01.529Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://lantronix.com"}, {"url": "http://eds3000ps.com"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses \"admin\" as the username."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-11T16:13:27.031Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67039", "state": "PUBLISHED", "dateUpdated": "2026-03-12T16:09:15.255Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-11T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds3016ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*", "matchCriteriaId": "7E17D9A3-EC74-42A2-B843-A877EF4D5AF5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds3016ps1ns:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA79DF0-DBD7-46EA-AFD1-62C0A570DBBF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lantronix:eds3008ps1ns_firmware:3.1.0.0:r2:*:*:*:*:*:*", "matchCriteriaId": "F4140D69-4C70-4C1B-B533-578824E0081F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lantronix:eds3008ps1ns:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1227ACA-94C1-4532-84AD-0F5495CCFE3F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Lantronix EDS3000PS 3.1.0.0R2. The authentication on management pages can be bypassed by appending a specific suffix to the URL and by sending an Authorization header that uses \"admin\" as the username."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Lantronix EDS3000PS 3.1.0.0R2. La autenticaci\u00f3n en las p\u00e1ginas de administraci\u00f3n puede ser eludida al a\u00f1adir un sufijo espec\u00edfico a la URL y al enviar una cabecera de autorizaci\u00f3n que utiliza 'admin' como nombre de usuario."}], "id": "CVE-2025-67039", "lastModified": "2026-03-19T20:11:05.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-11T17:16:52.117", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://eds3000ps.com"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "http://lantronix.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-069-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1.0.0R2"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "eds3000ps", "vendor": "lantronix"}], "analysis": {"en": {"generated_at": "2026-03-19T21:54:06.418063+00:00", "value": {"mitigation_remediation": ["Check Lantronix\u2019s website or support portal for a firmware update that patches the authentication bypass on EDS3000PS devices.", "Restrict network access to the device\u2019s management interface to a trusted IP range or VPN only.", "Disable or change the default \"admin\" credentials and use strong, unique passwords.", "If available, enable multi\u2011factor authentication on the management interface.", "Configure the device firewall or upstream firewall to block unauthorized traffic to the management ports and monitor access logs for suspicious activity."], "summary": {"action": "Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The affected systems are Lantronix EDS3000PS firmware 3.1.0.0R2, as described in the vendor's advisory. The provided CPE strings also list hardware models EDS3008PS1NS and EDS3016PS1NS running the same firmware version, so those models should be considered vulnerable. No other firmware versions are mentioned in the available data.", "description_and_impact": "The vulnerability is an authentication bypass on management pages of Lantronix EDS3000PS devices running firmware 3.1.0.0R2. An attacker can append a specific suffix to the URL and send an Authorization header with username \"admin\", thereby bypassing authentication. This allows unauthorized access to the device's full management interface, potentially enabling configuration changes, data exposure, or denial of service. The weakness is identified as CWE-288: Authentication Bypass Without Authorization.", "risk_and_exploitability": "The CVSS score of 9.1 denotes a very high severity. The EPSS score of <1% indicates a low probability of exploitation at the time of reporting, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote network access to the device\u2019s HTTP/HTTPS management interface; an attacker only needs to construct the correct URL suffix and set the Authorization header with username \"admin\". Successful exploitation grants full control over the device without valid credentials."}}}}, "created": "2026-03-12T10:06:35.801023+00:00", "title": "Authentication Bypass on Lantronix EDS3000PS 3.1.0.0R2 Firmware", "updated": "2026-03-20T14:33:49.324658+00:00", "vendors": ["lantronix", "lantronix$PRODUCT$eds3000ps"]}