A vulnerability tracked as CVE-2025-67038 affecting Lantronix EDS5000 device servers is being actively exploited, according to CISA. The flaw allows unauthenticated attackers to execute arbitrary OS commands with root privileges, posing significant risks to operational technology and healthcare systems. It is part of a larger set of vulnerabilities in serial-to-IP products, known collectively as BRIDGE:BREAK, which can impact sensor readings and disrupt services.
Although CISA included CVE-2025-67038 in its Known Exploited Vulnerabilities catalog, there are currently no public reports of related attacks. Cybersecurity firm Aviatrix has detailed potential attack scenarios involving lateral movement within networks, sensitive data exfiltration, and operational disruptions.