{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-63212", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-20T21:02:43.797Z", "dateReserved": "2025-10-27T00:00:00.000Z", "datePublished": "2025-11-19T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-11-19T19:32:42.467Z"}, "descriptions": [{"lang": "en", "value": "GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.gatesair.com/"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-20T21:01:41.771788Z", "id": "CVE-2025-63212", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T21:02:43.797Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-63212", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-20T21:01:41.771788Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-20T21:02:34.642Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.gatesair.com/"}, {"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking"}], "descriptions": [{"lang": "en", "value": "GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-11-19T19:32:42.467Z"}}}, "cveMetadata": {"cveId": "CVE-2025-63212", "state": "PUBLISHED", "dateUpdated": "2025-11-20T21:02:43.797Z", "dateReserved": "2025-10-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-11-19T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gatesair:flexiva_lx100_firmware:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "FAE101C6-1663-4A58-B9A7-41BAFD0B2BA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:gatesair:flexiva_lx100_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F5CE624-254C-472E-8D1D-1C3463281CA0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gatesair:flexiva_lx100:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F1D8D39-E16E-440C-AC90-8060CB2C0EB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gatesair:flexiva_lx300_firmware:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "2D1F6D30-F5D0-4D5A-890D-F9BBCBBB3C45", "vulnerable": true}, {"criteria": "cpe:2.3:o:gatesair:flexiva_lx300_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A53C617-AA10-46A9-B596-3CBC5D4760D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gatesair:flexiva_lx300:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A57C780-A6FD-4C47-A7CC-3F5F09B92B16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gatesair:flexiva_lx600_firmware:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "67C103A0-68B1-449B-95AA-12B8467A6588", "vulnerable": true}, {"criteria": "cpe:2.3:o:gatesair:flexiva_lx600_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C78DD920-FF73-4575-AE89-AF6608857C25", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gatesair:flexiva_lx600:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EAAF4DB-9F0D-4401-9560-1C463274EB9C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:gatesair:flexiva_lx1000_firmware:1.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "EEA61DCA-EAAC-4C60-9070-8AAFF7F2B821", "vulnerable": true}, {"criteria": "cpe:2.3:o:gatesair:flexiva_lx1000_firmware:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B168C928-7586-4AB9-95FB-5D759350AD6F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:gatesair:flexiva_lx1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7882D4C9-E3F8-40B9-BDFC-0216066E7907", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out."}], "id": "CVE-2025-63212", "lastModified": "2026-01-15T18:31:02.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-19T20:15:53.380", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-63212%20_GatesAir%20Flexiva-LX%20Series%20_%20Session%20Hijacking"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.gatesair.com/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-11-21T09:16:15.432125+00:00", "updated": "2025-11-21T09:16:15.432167+00:00", "vendors": ["gatesair", "gatesair$PRODUCT$flexiva-lx"]}