External risk intelligence

Lantronix EDS3000PS Arbitrary Code Execution via ltrx_evo Component

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2025-70082

The product is a Lantronix EDS series device, which functions as a terminal server or device gateway. These appliances are commonly deployed to bridge serial devices to network environments and are frequently exposed as management interfaces or edge gateways to facilitate remote connectivity.

OS Command Injection

Lantronix Eds3016ps1ns Firmware

3.1.0.0r2

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This critical vulnerability in Lantronix EDS3000PS devices, specifically within the `ltr_evo` component, allows for arbitrary code execution and sensitive information disclosure due to network accessibility with no authentication requirements. The primary concern is confirming the relevance and exposure of these devices within our environment.

  • Unauthenticated attackers can run custom code.
  • Confirms device relevance and exposure is key.
  • Understand device exposure to manage risk.

Attack Path

How an attacker could exploit the issue

An attacker can reach this vulnerability over the network without needing any special access or authentication. The issue lies within the ltrx_evo component, and when triggered, it allows an attacker to execute arbitrary code and steal sensitive information.

  • No authentication or special access required.
  • Exploitation via the ltrx_evo component.
  • Arbitrary code execution and data theft.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to execute arbitrary code and gain sensitive information from the Lantronix EDS3000PS. This is possible when the ltrx_evo component is exposed to the network.

  • System control and sensitive data could be compromised.
  • Attackers may exploit network exposure.
  • Unauthorized access and information disclosure.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in Lantronix EDS devices likely impacts infrastructure or device management teams responsible for network-connected serial devices. The initial step involves identifying all deployed Lantronix EDS units, assessing their network exposure and business criticality, and then locating the accountable owner for remediation planning.

  • Infrastructure or device management teams own this.
  • Verify network exposure and criticality first.
  • Plan remediation based on identified risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Lantronix EDS3000PS?

The Lantronix EDS3000PS is a specialized terminal server or device gateway. These appliances act as a bridge, allowing older serial-based hardware to communicate over modern Ethernet networks. They are commonly used in industrial or enterprise settings to manage remote connectivity for devices like sensors, controllers, or legacy systems.

How does CVE-2025-70082 affect the device?

This vulnerability involves a weakness class known as OS Command Injection (CWE-78), among others. It allows an unauthorized user to bypass normal security controls and interact directly with the underlying operating system. By targeting the ltrx_evo component, an attacker can run their own arbitrary code and potentially access sensitive information stored on the gateway.

Do I need special access to trigger this bug?

No. The vulnerability is reachable over the network without requiring any prior authentication, user interaction, or special privileges. This means the flaw can be triggered simply by sending a specifically crafted request to the device. Note that local-only activity or management tasks performed through a physical console port typically do not involve the network-facing ltrx_evo component affected here.

Why is my device considered potentially at risk?

According to Halo Surface Signal, Lantronix EDS series devices are often deployed as management interfaces or edge gateways, which frequently places them on the public internet or accessible network segments. Because this vulnerability is network-based and lacks authentication, any device reachable from an untrusted network is a potential target for unauthorized access.

What should I do if I run these Lantronix devices?

Your first step is to inventory all deployed EDS units within your network to determine which ones are running the affected firmware version. Once identified, evaluate the network placement of these devices to see if they are exposed to wider network segments. You should then coordinate with the system owners to prioritize these devices for security updates or isolation based on their business function and connectivity.

References