CISA KEV: Patch Lantronix EDS5000 CVE-2025-67038

June 23, 2026 update: CISA added Lantronix EDS5000 CVE-2025-67038 to the Known Exploited Vulnerabilities catalog with a June 26, 2026 remediation due date for federal agencies. Operators should treat that as an emergency review window for exposed or reachable Lantronix EDS5000 serial device servers.

Plain-English impact: EDS5000 devices often bridge serial equipment into Ethernet networks. That can place legacy equipment, industrial controls, building systems, lab devices, point-of-sale peripherals, or remote management workflows one network hop away from a vulnerable appliance. A compromised device server can become a bridge into equipment that was never designed for broad network exposure.

This is a protect-only guide. It does not publish operational exploit details.

What is affected

NVD lists CVE-2025-67038 as a critical Lantronix EDS5000 vulnerability with CVSS 9.8. The NVD CPE data identifies affected EDS5008, EDS5016, and EDS5032 firmware 2.1.0.0R3. Lantronix’s public EDS5000 download area lists 2.2.0.0R1 as the current firmware package during this pass.

• EDS5008, EDS5016, or EDS5032 devices on affected firmware.
• Serial device servers reachable from user, guest, customer, vendor, or internet-facing networks.
• Industrial, lab, retail, access-control, building, AV, and remote equipment networks where serial bridges are easy to forget.
• MSP and hosting-provider customer environments where a small appliance may sit outside normal patch dashboards.

Safe update path

1. Find every EDS5000 device. Check network inventory, switch MAC tables, DHCP records, monitoring tools, rack labels, and customer site notes.
2. Record model, firmware, IP address, serial ports, and connected equipment. These devices often protect workflows that are not obvious from a hostname alone.
3. Export or record the current configuration. Capture the settings needed to restore serial-port behavior, management access, IP configuration, and connected application workflows.
4. Download firmware only from Lantronix. Use the official EDS5000 download page and review the release notes before applying firmware.
5. Schedule maintenance with the equipment owner. Serial bridges can affect badge systems, lab instruments, AV equipment, manufacturing devices, kiosks, or remote console access.
6. Apply the firmware update and verify the running version. Confirm the device reports the expected firmware after reboot, not only that the upload completed.
7. Restrict management exposure. Move management to a trusted admin network or VPN, remove internet exposure, and limit access from customer, guest, vendor, and general user networks.

Post-update verification

• The EDS5000 device reports the expected firmware version after reboot.
• Serial sessions, attached equipment, and dependent business workflows still operate normally.
• Management access is reachable only from trusted admin paths.
• Default, shared, or vendor-leftover credentials were removed or rotated.
• Logs were reviewed for unexplained logins, configuration changes, restarts, or unusual management access.
• Network segmentation prevents a compromised workstation or guest network from reaching the device management interface.

If you cannot patch immediately

Use temporary controls only until firmware can be applied. Remove public management exposure, isolate the device behind a trusted admin network or VPN, restrict source IPs at the firewall, monitor for unusual access, and document the connected equipment owner. If a device is unsupported, inaccessible, or no longer needed, plan replacement or removal instead of leaving it as a permanent exception.

Hosting and site-owner relevance

Many small organizations do not think of serial device servers as part of their cybersecurity patch process. Agencies, MSPs, web hosts, and IT support teams should include these devices in customer network inventories, especially when they support payment counters, door systems, cameras, lab devices, signage, or remote console equipment. The operational risk is not just the appliance itself. It is what the appliance can reach.

Related Fix I.T. Phill reading

• SolarWinds Serv-U CVE-2026-28318 KEV patch guide
• Ubiquiti UniFi OS CISA KEV patch guide
• Check Point CVE-2026-50751 VPN patch guide

Sources

• CISA Known Exploited Vulnerabilities catalog
• NVD entry for CVE-2025-67038
• Lantronix EDS5000 product page and downloads
• Lantronix EDS5000 2.2.0.0R1 release notes

Need help finding and patching forgotten network appliances? Fix I.T. Phill can help inventory serial bridges, firewall management interfaces, plan maintenance with equipment owners, and verify segmentation after firmware updates.