PT-2025-6969 · Gatesair · Gatesair Maxiva Vaxt

Mohamed Shahat

·

Published

2025-02-13

·

Updated

2025-02-14

·

CVE-2025-22960

CVSS v3.1

8.0

High

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified)
Description: The web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters serves debug log files under the "/logs/debug/xteLog*" endpoints to unauthenticated requests. These logs contain session-related data, including session identifiers ("sess id") and successful-authentication records ("user check password OK"). An attacker who retrieves the files can reuse a live session identifier to hijack an active session, gain unauthorized access to the device, and escalate privileges on affected devices.
Recommendations: At the time of publication, no fixed version has been announced by the vendor.
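The following Python script is an added example and is not code from the advisory or from GatesAir. It covers the two checks a practitioner would want for this issue: assess_body() decides whether an unauthenticated GET to a /logs/debug/xteLog* file returned the markers the advisory names, and find_log_hits() scans a web server or reverse proxy access log for requests to that prefix. The combined access-log format, the xteLog file names in the sample data, the sample log body and the "sess id <token>" layout are assumptions made for the example; the transmitter's real log format is not published in the advisory. probe() performs real HTTP requests and should only be pointed at devices you are authorized to test.

```python
"""Exposure and detection checks for the log disclosure in CVE-2025-22960.

Added example, not vendor or advisory code. The only facts taken from the
advisory are the /logs/debug/xteLog* path prefix and the two marker strings;
everything else (log layouts, file names, sample data) is assumed.
"""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass

DEBUG_LOG_PREFIX = "/logs/debug/xteLog"  # from the advisory; wildcard suffix
LEAK_MARKERS = ("sess id", "user check password OK")  # strings named in the advisory

# Assumed line shape "... sess id <token> ...". The real xteLog format is not
# published; adjust the pattern after inspecting a file from your own device.
SESSION_ID_RE = re.compile(r"sess id[\s:=]+([A-Za-z0-9_\-]+)")

# Apache/nginx combined log format, assumed for whatever fronts the device.
ACCESS_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Assessment:
    exposed: bool       # the file was returned to an unauthenticated request
    markers: list       # leak markers found in the body, in LEAK_MARKERS order
    session_ids: list   # tokens following "sess id", deduplicated and sorted


def assess_body(status, body):
    """Classify one response to an unauthenticated GET of a debug log file."""
    if status != 200:
        return Assessment(False, [], [])
    found = [m for m in LEAK_MARKERS if m in body]
    ids = sorted(set(SESSION_ID_RE.findall(body)))
    return Assessment(True, found, ids)


def probe(base_url, names, timeout=5.0):
    """GET /logs/debug/<name> for each name with no cookies or auth header.

    `names` are the file names seen under /logs/debug/ on the device under test
    (the advisory only gives the xteLog* prefix). Returns {name: Assessment|None}.
    """
    results = {}
    for name in names:
        url = base_url.rstrip("/") + "/logs/debug/" + name
        req = urllib.request.Request(url, headers={"User-Agent": "cve-2025-22960-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results[name] = assess_body(resp.status, resp.read().decode("utf-8", "replace"))
        except urllib.error.HTTPError as e:
            results[name] = assess_body(e.code, "")
        except (urllib.error.URLError, OSError):
            results[name] = None  # unreachable, not a verdict
    return results


def find_log_hits(lines):
    """Return (ip, path, status, timestamp) for every request to the xteLog prefix.

    Non-200 attempts are returned too: a 403 from an unexpected source is still
    reconnaissance worth alerting on.
    """
    hits = []
    for line in lines:
        m = ACCESS_LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path.startswith(DEBUG_LOG_PREFIX):
            hits.append((m.group("ip"), path, int(m.group("status")), m.group("ts")))
    return hits


# Constructed sample data for an offline run; not captured from a real device.
SAMPLE_BODY = "\n".join([
    "2025-02-13 10:00:59 web: user check password OK",
    "2025-02-13 10:01:00 web: sess id a1b2c3d4e5 bound to 203.0.113.7",
])
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [13/Feb/2025:10:01:02 +0000] "GET /logs/debug/xteLog.txt HTTP/1.1" 200 4096',
    '203.0.113.7 - - [13/Feb/2025:10:01:03 +0000] "GET /logs/debug/xteLog.1 HTTP/1.1" 200 8192',
    '198.51.100.2 - - [13/Feb/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Feb/2025:10:03:00 +0000] "GET /logs/debug/xteLog.txt HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    print(assess_body(200, SAMPLE_BODY))
    for hit in find_log_hits(SAMPLE_ACCESS_LOG):
        print(hit)
```

Run against a device with `probe("https://transmitter.example", ["xteLog.txt"])` (hypothetical host and file name); an Assessment with `exposed=True` and a non-empty `session_ids` list confirms the disclosure. Because no fix is available, the access-log scan is the check to keep running: any 200 to the prefix from a client that has not authenticated is a session identifier leaving the device.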

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2025-22960

Affected Products

Gatesair Maxiva Vaxt