The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of vulnerabilities in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers by malicious hackers.
As per directive BOD 26-04, federal agencies are required to apply available security updates or vendor-recommended mitigations within three days to protect their systems.
CISA has identified specific flaws in Ubiquiti systems that are being actively exploited. These include:
Ubiquiti has released security updates for these vulnerabilities, emphasizing the potential for remote exploitation without privileges.
Researchers at Bishop Fox have demonstrated that these flaws can be combined to achieve full remote code execution on vulnerable UniFi OS devices.
Bishop Fox has also provided a free detection script on GitHub to help identify vulnerable instances.
The Lantronix flaw is tracked as CVE-2025-67038, a critical root-level command injection vulnerability in EDS5000 models running firmware 2.1.0.0R3.
The vulnerability lies in the HTTP RPC module, allowing attackers to inject arbitrary commands into the system.
Lantronix has released a patch for CVE-2025-67038 and advises users to upgrade to EDS5000 version 2.2.0.0R1.
CISA has not disclosed details regarding the exploitation of these vulnerabilities, with the risk of their use in ransomware campaigns marked as “Unknown.”
System administrators are urged to promptly apply available updates and recommended mitigations to safeguard their systems.