CVE-2025-63212

EUVD-2025-198171

19.11.2025, 20:15

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
gatesair	flexiva_lx100_firmware	1.0.13
gatesair	flexiva_lx100_firmware	2.0
gatesair	flexiva_lx300_firmware	1.0.13
gatesair	flexiva_lx300_firmware	2.0
gatesair	flexiva_lx600_firmware	1.0.13
gatesair	flexiva_lx600_firmware	2.0
gatesair	flexiva_lx1000_firmware	1.0.13
gatesair	flexiva_lx1000_firmware	2.0

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking

https://www.gatesair.com/