Published: 2025-11-19T20:15:53.380
Overview
A critical security vulnerability, identified as CVE-2025-63212, has been discovered in GatesAir Flexiva-LX devices. Specifically, models LX100, LX300, LX600, and LX1000 running firmware versions 1.0.13 and 2.0 are affected. This vulnerability allows an unauthenticated attacker to hijack active user sessions by retrieving sensitive session identifiers (sid) from a publicly accessible log file.
Technical Details
The vulnerability stems from the exposure of session IDs within the /log/Flexiva%20LX.log file. This log file is publicly accessible, meaning no authentication is required to view its contents. When a legitimate user (particularly an administrator) accesses the Flexiva-LX web interface and closes the browser window without explicitly logging out, their session ID remains active and is logged. An attacker can then retrieve this session ID from the log file and use it to impersonate the user, gaining unauthorized access to the device’s configuration and control panels.
CVSS Analysis
At the time of this writing, the CVSS score for CVE-2025-63212 is not yet available (N/A). However, given the potential for complete system compromise, a high severity rating is anticipated. The ease of exploitation (unauthenticated access and publicly available log file) contributes significantly to the risk.
Possible Impact
Successful exploitation of this vulnerability can have severe consequences, including:
- Complete System Control: An attacker can gain full administrative access to the Flexiva-LX transmitter.
- Configuration Manipulation: Unauthorized modification of transmitter settings, potentially disrupting broadcast operations.
- Data Theft: Access to sensitive configuration data and network information stored on the device.
- Denial of Service: Intentionally misconfiguring the transmitter to cause a service outage.
Mitigation and Patch Steps
To address this vulnerability, the following steps are recommended:
- Upgrade Firmware: Immediately upgrade to a patched firmware version that resolves the log exposure issue. Contact GatesAir support or visit their website for the latest firmware releases.
- Disable Public Access to Logs (If Possible): As an immediate workaround (until a patch is applied), investigate if it’s possible to restrict access to the
/log/Flexiva%20LX.logfile via configuration settings. This is not a permanent solution but can reduce immediate risk. - User Education: Educate users, especially administrators, to always explicitly log out of the Flexiva-LX web interface after use.
- Network Segmentation: Implement network segmentation to limit the potential impact of a compromised device. Isolate the Flexiva-LX device on a separate network segment with restricted access.
- Monitor Logs: Regularly review access logs for suspicious activity, such as unusual access to the log file or attempts to log in with compromised session IDs.
