CVE-2025-59780
published 2025-11-15CVE-2025-59780: General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to…
PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.34%
25.4th percentile
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requests to obtain sensitive device
information.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| general_industrial_controls | lynx+_gateway | — | — |
| general_industrial_controls | lynx+_gateway | — | — |
| general_industrial_controls | lynx+_gateway | — | — |
| general_industrial_controls | lynx+_gateway | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
General Industrial Controls Lynx+ Gateway
cisa_ics·2025-11-13·CVSS 8.2
[HIGH] General Industrial Controls Lynx+ Gateway
ICS Advisory
##
General Industrial Controls Lynx+ Gateway
Release DateNovember 13, 2025
Alert CodeICSA-25-317-08
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: General Industrial Controls
- Equipment: Lynx+ Gateway
- Vulnerabilities: Weak Password Requirements, Missing Authentication for Critical Function, Cleartext Transmission of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could result in obtaining sensitive device information, unauthorized access, or create a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following
GHSA
GHSA-mqgv-qm98-7w7m: General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requ
ghsa_unreviewed·2025-11-15
CVE-2025-59780 [HIGH] CWE-306 GHSA-mqgv-qm98-7w7m: General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requ
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which
could allow an attacker to send GET requests to obtain sensitive device
information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-11-15
Published