CVE-2025-54807
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dover Fueling Solutions | ProGauge MagLink LX 4 | 0 < 4.20.3 | affected |
| Dover Fueling Solutions | ProGauge MagLink LX Plus | 0 < 4.20.3 | affected |
| Dover Fueling Solutions | ProGauge MagLink LX Ultimate | 0 < 5.20.3 | affected |
Weaknesses
- CWE-321: CWE-321
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07
- https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.