CVE-2025-67038 in the Lantronix EDS5000 serial device server is confirmed in CISA KEV with active exploitation and a mandatory federal remediation deadline of June 26, 2026. The EDS5000 is a serial-to-network bridge commonly deployed in ICS and OT environments, and exploitation can enable interception or manipulation of communications between IT and OT systems. CVSS base score is pending NVD publication; EPSS is 0.01131 (62nd percentile), indicating moderate exploitation probability.