CISA Alerts Agencies to Active Exploitation of Critical Lantronix Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical code injection vulnerability, CVE-2025-67038, actively being exploited in Lantronix EDS5000 Series devices. This flaw, rated 9.8 on the CVSS scale, enables attackers to execute arbitrary commands with elevated privileges. CISA has mandated that federal agencies apply necessary patches by June 26, 2026, underscoring the significant risk to industrial control systems and operational technology environments.