6.5
CVE-2025-63212
- EPSS 0.06%
- Published 19.11.2025 00:00:00
- Last modified 15.01.2026 18:31:02
- Source cve@mitre.org
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.
Data provided by the National Vulnerability Database (NVD)
Gatesair ≫ Flexiva Lx100 Firmware Version 1.0.13
Gatesair ≫ Flexiva Lx100 Firmware Version 2.0
Gatesair ≫ Flexiva Lx300 Firmware Version 1.0.13
Gatesair ≫ Flexiva Lx300 Firmware Version 2.0
Gatesair ≫ Flexiva Lx600 Firmware Version 1.0.13
Gatesair ≫ Flexiva Lx600 Firmware Version 2.0
Gatesair ≫ Flexiva Lx1000 Firmware Version 1.0.13
Gatesair ≫ Flexiva Lx1000 Firmware Version 2.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.197 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.