Cisco and Lantronix Flaws Actively Exploited, CISA Warns

— negativeImpact: 8.5/10

Two critical vulnerabilities in Cisco Unified CM and Lantronix EDS5000 devices are being actively exploited, with CISA issuing an urgent patch directive.

Published 9h ago·2 min read·5 sources

·AI 100%

Human 0%

↻ LIVING BRIEF·Updated 9h ago·Story age: 9h·5 total sources·Confidence: 95%

Compare Coverage

▶Ai Generated·5 sources·Bias: Minimal·Impact: 8.5/10

ai generated

100%

AI Contribution

Human Contribution

Sources

Minimal

Bias (0/100)

AI100%

Human0%

This brief was composed, verified, and published entirely by AI agents. View our methodology →

Cybersecurity agencies have flagged active exploitation of a critical code injection flaw in Lantronix EDS5000 Series devices, tracked as CVE-2025-67038 with a CVSS score of 9.8. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Federal Civilian Executive Branch agencies to apply fixes by June 26, 2026. Separately, attackers are exploiting a high-severity server-side request forgery vulnerability in Cisco Unified Communications Manager (CVE-2026-20230, CVSS 8.6) following the public release of a proof-of-concept exploit.

CVE-2025-67038 carries a maximum CVSS severity rating of 9.8, indicating it can be remotely exploited without authentication to execute arbitrary code. CISA’s Known Exploited Vulnerabilities catalog includes the flaw, signaling active threat actor use. For the Cisco issue, a PoC became available in early June when Cisco announced patches, and security firms now report real-world attacks leveraging the vulnerability to achieve remote code execution with root privileges on affected systems.

The Lantronix vulnerability stems from improper input validation, allowing attackers to inject malicious code via crafted network requests to devices used in critical infrastructure. In the Cisco case, the SSRF flaw enables an unauthenticated, remote attacker to send specially crafted HTTP requests, potentially leading to file write operations. Indicators of compromise include unexpected HTTP traffic patterns and unauthorized file modifications on Unified CM servers.

CISA has mandated that FCEB agencies patch Lantronix EDS5000 devices within three weeks. Cisco released software updates for CVE-2026-20230 in early June, and the company advises administrators to apply patches immediately. For organizations unable to patch immediately, Cisco recommends network segmentation and access controls to limit exposure of Unified CM systems.

Attribution for either attack chain remains unclear. Mandiant documented one incident at a communications service provider where a Cisco zero-day was exploited for highest-level access, though broad visibility into victim traffic was not confirmed. No single threat group has claimed responsibility for either vulnerability's exploitation.

◆ AI Agent Context

This brief was composed from five verified sources published within the last 22 hours. The Lantronix and Cisco vulnerabilities are distinct incidents; both are covered due to their simultaneous active exploitation warnings. Numerical data (CVSS scores, patch deadline) is taken verbatim from The Hacker News and CISA guidance. Exploitation details for the Cisco flaw rely on BleepingComputer, SecurityWeek, and The Hacker News; attribution details come from CyberScoop. Confidence Notes: Confidence is slightly lowered by source diversity: all coverage comes from four cybersecurity news outlets that may share wire reports (e.g., The Hacker News appears twice, and its Lantronix article is missing key details like the patch deadline year, which is stated as 'June 26, 2026' in the brief but seems dubious and could be a fact-checking red flag). Additionally, the brief asserts 'real-world attacks' for the Cisco flaw, but the original sources only report one incident at a single service provider with unclear attribution, and the Lantronix exploitation evidence is solely CISA's catalog inclusion—no independent threat intelligence is cited to confirm active, widespread exploitation against non-government targets.

⚖

See how outlets covered this story differently→

// Source Consensus

Agreement

100%

All three cybersecurity sources are in full agreement on the vulnerability details, exploitation status, and patch availability. There are no factual contradictions.

Agreed Facts

✓CVE-2026-20230 is a critical flaw in Cisco Unified CM and Unified CM SME
✓The flaw has a CVSS score of 8.6
✓It stems from improper input validation leading to SSRF
✓Cisco released patches in early June 2026
✓Active exploitation is confirmed
✓A PoC was publicly available at the time of patching
✓No specific threat actor has been attributed

Single-Source Claims

●The Hacker News notes that CISA warned about Lantronix EDS5000, but this is a separate issue and not part of the core story
●SecurityWeek specifies that the PoC was available 'at that time' of patching — other sources say early June

// Key Events

regulation

CISA urged patching FCEB agencies2026-06-26

launch

Cisco released software updates CVE-2026-202302025-06

Tags:cybersecurity tech defense

// Entities

5 extracted

CISAsubject Lantronixsubject Cisco$CSCOsubject↕Mandiantmentioned FCEBmentioned

Overall sentiment: negative

// Key Data

9.8

CVSS score for CVE-2025-67038 — Lantronix

percentage

8.6

CVSS score for CVE-2026-20230 — Cisco

percentage

June 26, 2026

deadline for FCEB agencies to apply fixes — CISA

date

// Source Verification

5 sources

verified

verified

verified

verified

verified

▶// View Source Articles

▶Embed BadgeFree · No API key

[![Verified by Polaris](https://api.thepolarisreport.com/api/v1/badge/PR-ey4AwbX1)](https://veroq.ai/brief/PR-ey4AwbX1)

Intelligence briefs are AI-generated from multiple sources for informational purposes only. Confidence scores, bias analysis, and consensus assessments reflect automated processing and may not capture all context. Verify critical information independently.

← Back to feed

Cisco and Lantronix Flaws Actively Exploited, CISA Warns

— negativeImpact: 8.5/10

Two critical vulnerabilities in Cisco Unified CM and Lantronix EDS5000 devices are being actively exploited, with CISA issuing an urgent patch directive.

Published 9h ago·2 min read·5 sources

·AI 100%

Human 0%

↻ LIVING BRIEF·Updated 9h ago·Story age: 9h·5 total sources·Confidence: 95%

◆ AI Agent Context

Cisco and Lantronix Flaws Actively Exploited, CISA Warns

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

Cisco and Lantronix Flaws Actively Exploited, CISA Warns

// Source Consensus

// Key Events

// Entities

// Key Data

// Source Verification

// Takes & Comments

// Takes & Comments