CVE-2025-30519
published 2025-09-18

Priority: P271 | critical | 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.41% (32.5th percentile)
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
dover_fueling_solutions | progauge_maglink_lx_4 | < 4.20.3 | 4.20.3
dover_fueling_solutions | progauge_maglink_lx_plus | < 4.20.3 | 4.20.3
dover_fueling_solutions | progauge_maglink_lx_ultimate | < 5.20.3 | 5.20.3

Detection & IOCs

  • Detect network access attempts to ProGauge MagLink LX4 devices using default root credentials, which cannot be changed through standard administrative means
  • Monitor for administrative logins to ProGauge MagLink LX4/LX4 Plus/LX4 Ultimate devices from unexpected or external network sources, especially on internet-exposed devices
  • Default root credentials are hardcoded and cannot be changed through standard administrative means, meaning credential rotation is not a viable mitigation for CVE-2025-30519; patching to a fixed firmware version is required
  • No known public exploitation has been reported at time of advisory publication, but the vulnerability is remotely exploitable with low attack complexity (CVSS v4 9.3)
  • The advisory covers three distinct CVEs on the same device family; CVE-2025-30519 (default credentials) is separate from CVE-2025-54807 (hardcoded JWT signing key) and CVE-2025-55068 (integer overflow/DoS); all three should be remediated together via firmware update

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X