CVE-2025-67038 is a critical vulnerability in the Lantronix EDS5000 industrial device server, reported as CISA KEV-confirmed with a June 26, 2026 BOD 22-01 remediation deadline. Technical details including CVSS score, CWE classification, and specific firmware versions are unconfirmed from available sources — the NVD record and Lantronix advisory are the authoritative sources and must be consulted before remediation planning. Organizations running EDS5000 appliances in OT/ICS environments should verify KEV status directly and apply vendor-issued firmware updates immediately upon confirmation.
