CVE-2025-54807

CRITICAL

Device Firmware <unknown - Auth Bypass

Title source: llm

Description

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.

References (3)

Core 3

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07

Various Sources

https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0068

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-321

Status published

Products (3)

Dover Fueling Solutions/ProGauge MagLink LX 4 < 4.20.3

Dover Fueling Solutions/ProGauge MagLink LX Plus < 4.20.3

Dover Fueling Solutions/ProGauge MagLink LX Ultimate < 5.20.3

Published Sep 18, 2025

Tracked Since Feb 18, 2026