CISA Warns of Active Exploitation in Lantronix EDS5000 and Ubiquiti UniFi OS Devices
The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) has issued an urgent warning regarding actively exploited critical vulnerabilities affecting **Lantronix EDS5000 Series** devices. This alert comes alongside confirmation of in-the-wild abuse of severe flaws in **Ubiquiti UniFi OS**, emphasizing the immediate need for IT security professionals to patch their systems.
**CISA** has added a critical security flaw impacting **Lantronix EDS5000 Series** devices to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch (**FCEB**) agencies have been urged to apply the necessary fixes by June 26, 2026.
### Critical Code Injection in Lantronix Devices
The vulnerability, identified as **CVE-2025-67038** (CVSS score: 9.8), is a severe code injection flaw. It could allow attackers to execute arbitrary commands with elevated privileges on affected devices.
According to the CVE description, the HTTP RPC module in **Lantronix EDS5000 Series** devices executes a shell command to log failed user authentications. Critically, the username is directly concatenated with this command without proper sanitization. This oversight enables attackers to inject arbitrary operating system commands into the username parameter, which are then executed with root privileges.
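The pattern in the CVE description, shown next to a shell-free alternative. This is an added example, not Lantronix code: the `logger` command line, the `rpc` tag, the function names and the allowlist are assumptions chosen for illustration, and the sample username is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* BEFORE (hypothetical reconstruction): the username is pasted into a command
 * line meant for system()/sh -c. Only builds the string; nothing is executed. */
int build_log_cmd_unsafe(const char *user, char *out, size_t n)
{
    return snprintf(out, n, "logger -t rpc auth failed for %s", user);
}

/* Copy user into out, replacing every byte outside [A-Za-z0-9._@-] with '?'
 * and truncating to n-1 bytes. Returns how many bytes were replaced or cut. */
size_t sanitize_username(const char *user, char *out, size_t n)
{
    size_t i = 0, changed = 0;
    for (; user[i] != '\0' && i + 1 < n; i++) {
        unsigned char c = (unsigned char)user[i];
        int ok = isalnum(c) || strchr("._@-", c) != NULL;
        out[i] = ok ? (char)c : '?';
        changed += !ok;
    }
    out[i] = '\0';
    return changed + strlen(user + i);
}

/* AFTER: no shell involved; the name reaches syslog(3) as data only.
 * Returns 1 when the name had to be altered (a signal worth alerting on). */
int log_failed_auth_safe(const char *user)
{
    char clean[64];
    size_t altered = sanitize_username(user, clean, sizeof clean);
    syslog(LOG_AUTH | (altered ? LOG_WARNING : LOG_NOTICE),
           "rpc auth failed user=%s altered=%zu", clean, altered);
    return altered != 0;
}

int main(void)
{
    char cmd[128];
    const char *sample = "operator;id"; /* constructed input */
    build_log_cmd_unsafe(sample, cmd, sizeof cmd);
    printf("a shell would parse: %s\n", cmd);
    printf("flagged by safe path: %d\n", log_failed_auth_safe(sample));
    return 0;
}
```

In the unsafe string the `;` survives intact, so a shell would treat what follows as a second command; the safe path never invokes a shell and records the altered name at a higher priority for detection.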
This flaw was initially disclosed by **Forescout Research Vedere Labs** in April 2026 as part of **BRIDGE:BREAK**, a broader set of vulnerabilities impacting serial-to-IP converters from **Lantronix** and **Silex**. Details on the current exploitation methods or the threat actors involved remain undisclosed.
### Ubiquiti UniFi OS Flaws Under Active Attack
In a related development, **CISA** has also confirmed active exploitation of three maximum-severity security defects in **Ubiquiti UniFi OS**. This follows reports from **Defused Cyber** detecting in-the-wild abuse of a remote code execution chain to deploy commodity malware.
The exploited vulnerabilities include:
* **CVE-2026-34908**: An improper input validation vulnerability allowing command injection by a malicious actor with network access.
* **CVE-2026-34909**: A path traversal vulnerability that could grant network-accessible malicious actors access to underlying system files, potentially leading to account compromise.
* **CVE-2026-34910**: An improper access control vulnerability enabling unauthorized system changes by a malicious actor with network access.
Earlier this month, **Bishop Fox** published a proof-of-concept (PoC) demonstrating how these three vulnerabilities could be chained together to obtain a reverse shell with full root privileges in a single request. **Ubiquiti** released patches for these flaws late last month.
Belgium's Centre for Cybersecurity (**CCB**) warned that these vulnerabilities could allow remote attackers to make unauthorized system changes, access sensitive files, disclose information, or execute arbitrary commands. Given that **UniFi OS** devices are often central to network infrastructure, successful compromise could facilitate lateral movement and broader network breaches.