The US Cybersecurity and Infrastructure Security Agency (CISA) warns that hackers are actively exploiting flaws in Ubiquiti UniFi OS and Lantronix Serial-to-Ethernet servers.
Under the BOD 26-04 directive, federal agencies have three days to apply any available security updates or vendor-recommended mitigations.
The Ubiquiti flaws that CISA has added to its Known Exploited Vulnerabilities catalog include:
- CVE-2026-34908: An access control bypass flaw could allow an unauthenticated attacker to make unauthorized changes to a UniFi OS system, potentially compromising the entire system.
- CVE-2026-34909: A directory/path traversal vulnerability could allow an attacker to access sensitive files on the underlying operating system, potentially exposing configuration files, credentials, and other sensitive data that facilitate account takeover.
- CVE-2026-34910: An improper input validation flaw allows an attacker to inject and execute arbitrary operating system commands, potentially leading to remote code execution and full system takeover.
Ubiquiti released security updates for the three vulnerabilities in May, warning that they could be exploited remotely without authorization.
Bishop Fox researchers then demonstrated that the three flaws could be chained together to achieve full remote code execution with elevated privileges on vulnerable UniFi OS devices.
Bishop Fox has also released a free detection script on GitHub to help defenders find vulnerable instances in their environments.
The security issue exploited on Lantronix servers is tracked as CVE-2025-67038, a root-level command injection affecting model EDS5000 running firmware 2.1.0.0R3.
The vulnerability exists in the HTTP RPC module, which executes a shell command to log failed authentication attempts.
The supplied username is concatenated directly into that shell command without proper sanitization, allowing an attacker to inject arbitrary operating system commands.
Lantronix has released a patch for CVE-2025-67038 and recommends that users upgrade to EDS5000 version 2.2.0.0R1.
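The logging bug described above is a textbook case of user input becoming shell syntax. The following added example is not Lantronix's firmware code: it shows the unsafe pattern next to a hardened version that validates the username and writes the record without any shell. The log path, the allow-list and the sample usernames are constructed for illustration.

```python
"""Added example (not Lantronix's code): unsafe failed-login logging
beside a hardened version. Paths and names are constructed."""
import re
import shlex
import tempfile
from pathlib import Path

# Allow-list for usernames (assumed policy); anything else is replaced
# by a fixed marker so attacker-chosen bytes never reach a command line.
USERNAME_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def build_log_command_unsafe(username: str, logfile: str) -> str:
    """Vulnerable pattern: the username is pasted into one string that
    /bin/sh will parse, so quotes and ';' inside it become shell syntax.
    Returned for inspection only; it is never executed here."""
    return f'logger -t auth "failed login for {username}" >> {logfile}'


def shell_tokens(command: str) -> list[str]:
    """Tokenize as a POSIX shell would; an injected username shows up as
    extra words after the six the developer intended."""
    return shlex.split(command)


def log_failed_auth_safe(username: str, logfile: Path) -> str:
    """Hardened: validate against the allow-list and write the record in
    process. With no shell involved, the username is data, not syntax.
    If an external tool were really needed, pass an argv list to
    subprocess.run(..., shell=False) so it arrives as one argument."""
    if not USERNAME_RE.fullmatch(username):
        username = "<invalid-username>"
    line = f"failed login for {username}"
    with logfile.open("a", encoding="utf-8") as fh:
        fh.write(line + "\n")
    return line


def safe_log_demo(username: str) -> tuple[str, int]:
    """Write one record to a throwaway log; return it and the line count."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "auth.log"
        written = log_failed_auth_safe(username, log)
        return written, len(log.read_text(encoding="utf-8").splitlines())


if __name__ == "__main__":
    hostile = 'alice" ; echo injected ; "'  # constructed sample input
    print(shell_tokens(build_log_command_unsafe("alice", "/tmp/auth.log")))
    print(shell_tokens(build_log_command_unsafe(hostile, "/tmp/auth.log")))
    print(safe_log_demo(hostile))
```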
CISA did not provide details about the observed exploits for any of the four flaws, but the “Used in Ransomware Campaigns” flag for each was set to “Unknown.”
System administrators managing the products listed above are encouraged to apply any available updates or suggested mitigations as soon as possible.