
Lantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat Warning

securityweek.com 2026-06-25 AI supply chain High

What Happened

The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.

Why It Matters

Report facts: CVE-2025-67038 is a critical OS command injection vulnerability in Lantronix EDS5000 serial-to-IP converters, allowing unauthenticated remote code execution with root privileges via a malformed username parameter in the HTTP RPC module.[1][4][6] CISA has confirmed active exploitation against OT environments and added the flaw to its Known Exploited Vulnerabilities catalog, following earlier BRIDGE:BREAK research outlining how such converters can be abused to manipulate industrial and healthcare sensor data and firmware.[1][2][6][7]

CyberSE.AI analysis: Because serial-to-IP converters act as key infrastructure between sensors/actuators and higher-level control or analytics systems, compromise can indirectly impact AI-driven monitoring, control, and anomaly detection by feeding manipulated data or disrupting telemetry paths. Organizations should treat these devices as part of their AI supply chain, include them in SBOMs and dependency inventories, and apply segmented network design, rapid patching, and continuous testing to ensure AI agents and models do not rely on untrusted or easily-tampered OT data streams.

Healthcare Fintech SaaS SMB AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://www.securityweek.com/lantronix-serial-to-ip-converter-flaw-exploited-in-attacks-after-ot-threat-warning/
