PT-2025-47524 · GatesAir · LX600 +4
Published: 2025-11-19 · Updated: 2025-11-21
CVE-2025-63212
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
GatesAir Flexiva-LX versions 1.0.13 and 2.0
GatesAir Flexiva-LX models LX100, LX300, LX600, and LX1000
Description
The GatesAir Flexiva-LX devices are affected by an issue where sensitive session identifiers (sid) are exposed in a publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions. This requires the legitimate administrator to have previously closed the browser window without logging out.
Recommendations
Update GatesAir Flexiva-LX version 1.0.13 to a newer version.
Update GatesAir Flexiva-LX version 2.0 to a newer version.
Ensure administrators fully log out of the system instead of simply closing the browser window.
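For operators who front these transmitters with a reverse proxy or capture their web traffic, the following added example (not part of the advisory or of any GatesAir tooling) flags successful reads of the exposed log path by hosts outside an admin allowlist. It assumes access logs in Common/Combined Log Format; `admin_hosts` and the sample lines are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import unquote

# Log path from the advisory, percent-decoded and lower-cased for comparison.
EXPOSED_LOG = "/log/flexiva lx.log"

# Leading fields of a Common/Combined Log Format line (assumed log format).
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})\b'
)

def request_target(request):
    """Return the target of a request line, tolerating a literal space in it."""
    parts = request.split(" ")
    if len(parts) < 2:
        return None
    end = -1 if parts[-1].startswith("HTTP/") else len(parts)
    return " ".join(parts[1:end])

def normalize(target):
    """Strip query/fragment, decode twice (catches %2520), fold slashes and case.
    Case folding may over-match; for detection that is the safer direction."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    path = unquote(unquote(path))
    return re.sub(r"/{2,}", "/", path).lower()

def find_log_reads(lines, admin_hosts=frozenset()):
    """List (client, timestamp, raw target) for 2xx reads of the log file
    by clients outside admin_hosts (a hypothetical allowlist)."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        target = request_target(m["request"])
        if target is None or normalize(target) != EXPOSED_LOG:
            continue
        if m["client"] not in admin_hosts:
            hits.append((m["client"], m["ts"], target))
    return hits

# Constructed sample lines (documentation address ranges), not captured traffic.
SAMPLE = [
    '198.51.100.7 - - [20/Nov/2025:10:01:02 +0000] "GET /log/Flexiva%20LX.log HTTP/1.1" 200 5120',
    '192.0.2.10 - - [20/Nov/2025:10:02:00 +0000] "GET /log/Flexiva%20LX.log HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Nov/2025:10:03:00 +0000] "GET /LOG/flexiva%20lx.log?x=1 HTTP/1.1" 206 100',
    '203.0.113.9 - - [20/Nov/2025:10:03:05 +0000] "GET /log/Flexiva%20LX.log HTTP/1.1" 404 0',
]
```

Any hit from a non-admin address is a reason to treat sessions that were active around that timestamp as exposed and to end them with an explicit logout.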
Information Disclosure
Affected Products
Flexiva-LX
LX100
LX1000
LX300
LX600