cvedb.io
CVE-2025-63212
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-11-19T20:15:53.380 · Last modified 2026-06-17T09:52:56.930

Summary

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.

Affected products

gatesair — flexiva_lx100_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when gatesair ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.