CVE-2025-54807

Critical CVSS: 9.3

The secret used for validating authentication tokens is hardcoded in
device firmware for affected versions. An attacker who obtains the
signing key can bypass authentication, gaining complete access to the
system.

Vendor

Product

CWE

CWE-321

Yayın Tarihi

2025-09-18 21:15:48

Güncelleme

2025-09-19 16:00:27

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-321 CRITICAL 2025

Referanslar

https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html