Description

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server, which could allow an attacker to send GET requests to obtain sensitive device information.

PUBLISHED Reserved 2025-11-06 | Published 2025-11-14 | Updated 2025-11-17 | Assigner icscert




HIGH: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-306

Product status

Default status: unaffected

Version R08: affected

Version V03: affected

Version V05: affected

Version V18: affected

Credits

Abhishek Pandey from Payatu Security Consulting Pvt. Ltd. reported these vulnerabilities to CISA. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-25-317-08

github.com/...p/csaf_files/OT/white/2025/icsa-25-317-08.json

cve.org (CVE-2025-59780)

nvd.nist.gov (CVE-2025-59780)
