
Description

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.

PUBLISHED Reserved 2025-08-18 | Published 2025-09-18 | Updated 2025-09-19 | Assigner icscert




CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-321

Product status

Default status: unaffected
Any version before 4.20.3: affected

Default status: unaffected
Any version before 4.20.3: affected

Default status: unaffected
Any version before 5.20.3: affected

Credits

Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

www.doverfuelingsolutions.com/...e-maglink-lx-4-console.html

cve.org (CVE-2025-54807)

nvd.nist.gov (CVE-2025-54807)
