CVE-2025-54807

Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key

CVSS 9.3 CRITICALEPSS 0.7%CWE-321

The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Dover Fueling Solutions · ProGauge MagLink LX 4 Dover Fueling Solutions · ProGauge MagLink LX Plus Dover Fueling Solutions · ProGauge MagLink LX Ultimate

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html