A vulnerability in Lantronix serial-to-IP converters, identified as CVE-2025-67038, is now being actively exploited in attacks. The flaw was originally disclosed in April as part of the BRIDGE:BREAK research project, which focused on weaknesses in operational technology (OT) equipment. Its exploitation poses a direct risk to industrial control systems that rely on these devices to carry serial communication over IP networks.
The active exploitation follows a threat warning specifically targeting OT environments. While the exact severity score and number of affected systems remain undisclosed, the incident underscores the growing danger of internet-exposed industrial gear. Security experts have flagged this as a critical situation for organizations using Lantronix serial-to-IP converters in their OT infrastructure.
Technical details from the BRIDGE:BREAK research describe the root cause as improper input validation, which allows remote attackers to execute arbitrary code. The converters use Telnet or SSH to bridge serial devices onto IP networks, and the flaw could let an adversary take full control of the device. Indicators of compromise include unexpected reboots and altered configuration files; no public proof-of-concept code has been released.
Lantronix has not yet released an official patch for CVE-2025-67038. As a temporary workaround, organizations are advised to restrict network access to these devices with firewall rules, disable remote management where possible, and monitor for unusual traffic patterns. The timeline for a firmware update remains unclear, according to the original report.
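The two preceding paragraphs give defenders a short list of indicators (unexpected reboots, altered configuration files, management traffic that should not be there) and a workaround (firewall the converters' Telnet/SSH ports). The script below is an added example written for this article, not Lantronix code or anything from the BRIDGE:BREAK report: it scans constructed syslog-style lines for those indicators and renders an nftables ruleset that admits only an allowlisted management network to the converters' ports. The log format, host names, addresses, the 10.10.50.0/24 allowlist and the 22/23 port set are all assumptions to adapt to your own environment.

```python
"""Detection and containment helpers for serial-to-IP converters on an OT
network. Added example for this article, not Lantronix code: the log formats,
host names, and addresses below are constructed, and the allowlist and port
set are assumptions to adapt to your environment."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Assumed management network allowed to reach the converters' Telnet/SSH ports.
MGMT_ALLOWLIST = (ipaddress.ip_network("10.10.50.0/24"),)
MGMT_PORTS = frozenset({22, 23})  # SSH and Telnet, the services the article names

# Constructed syslog shape: "<Mon> <day> <HH:MM:SS> <host> <message>"
SYSLOG_RE = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d (?P<host>\S+) (?P<msg>.*)$")
# Constructed firewall message: "FW ACCEPT src=A dst=B dport=N"
FW_RE = re.compile(r"FW (?P<verdict>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
REBOOT_RE = re.compile(r"\b(?:reboot|system restart)\b", re.I)
CONFIG_RE = re.compile(r"\bconfig(?:uration)?\b.*\b(?:written|changed|saved)\b", re.I)


@dataclass(frozen=True)
class Alert:
    kind: str     # indicator class (see scan_logs)
    host: str     # converter, or firewall-reported destination, involved
    detail: str


def source_is_allowed(ip: str) -> bool:
    """True when ip falls inside an allowlisted management network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_ALLOWLIST)


def scan_logs(lines, maintenance_hosts=frozenset()) -> list[Alert]:
    """Flag the indicators the article names: management-port access from
    outside the allowlist, reboots of hosts not in a maintenance window,
    and configuration writes on the converter."""
    alerts: list[Alert] = []
    for line in lines:
        m = SYSLOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        host, msg = m["host"], m["msg"]

        fw = FW_RE.search(msg)
        if fw:
            if int(fw["dport"]) in MGMT_PORTS and not source_is_allowed(fw["src"]):
                alerts.append(Alert("mgmt_access_outside_allowlist", fw["dst"],
                                    f"{fw['src']} -> {fw['dst']}:{fw['dport']} ({fw['verdict']})"))
            continue
        if REBOOT_RE.search(msg) and host not in maintenance_hosts:
            alerts.append(Alert("unexpected_reboot", host, msg))
        elif CONFIG_RE.search(msg):
            alerts.append(Alert("config_altered", host, msg))
    return alerts


def nft_ruleset(converter_ips, allowlist=MGMT_ALLOWLIST, ports=MGMT_PORTS) -> str:
    """Render an nftables ruleset (for `nft -f`) that lets only the allowlist
    reach the converters' management ports and logs and drops everything else.
    Constructed for this example; review it before loading on a real firewall."""
    devs = ", ".join(converter_ips)
    nets = ", ".join(str(n) for n in allowlist)
    plist = ", ".join(str(p) for p in sorted(ports))
    return "\n".join([
        "table inet ot_converters {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f"    ip daddr {{ {devs} }} tcp dport {{ {plist} }} ip saddr {{ {nets} }} accept",
        f"    ip daddr {{ {devs} }} tcp dport {{ {plist} }} log prefix \"OT-MGMT-DENY \" drop",
        "  }",
        "}",
    ])


# Constructed sample: one legitimate SSH session, one Telnet attempt from the
# internet, an unexplained restart followed by a config write, and a scheduled
# restart on a host that is inside its maintenance window.
SAMPLE_LOGS = [
    "Jan 12 03:14:07 fw01 FW ACCEPT src=10.10.50.7 dst=192.0.2.20 dport=22",
    "Jan 12 03:15:22 fw01 FW ACCEPT src=203.0.113.45 dst=192.0.2.20 dport=23",
    "Jan 12 03:16:01 conv-line3 kernel: system restart, reason unknown",
    "Jan 12 03:16:40 conv-line3 cfg: configuration written to flash by root",
    "Jan 12 09:00:00 conv-line7 kernel: system restart, reason scheduled",
]

if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS, maintenance_hosts={"conv-line7"}):
        print(f"{a.kind:32} {a.host:12} {a.detail}")
    print(nft_ruleset(["192.0.2.20", "192.0.2.21"]))
```

Running the script prints three alerts for the sample (the Telnet attempt from outside the allowlist, the unexplained restart, and the configuration write that follows it) and the ruleset text. The firewall branch deliberately alerts on accepted as well as dropped connections, because the point of the check is to catch management sessions that a permissive existing policy let through; once the nftables rules are in place those lines should disappear from the accept log and reappear under the `OT-MGMT-DENY` prefix.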
The BRIDGE:BREAK research team has not publicly attributed the attacks to a specific threat actor. However, the exploitation of OT vulnerabilities has been rising, driven by state-sponsored groups and criminal ransomware operations. This incident highlights the ongoing challenge of securing legacy industrial devices that were not designed with modern cyber threats in mind.