{"api_version":"1","generated_at":"2026-06-05T02:16:03+00:00","cve":"CVE-2025-54807","urls":{"html":"https://cve.report/CVE-2025-54807","api":"https://cve.report/api/cve/CVE-2025-54807.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-54807","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-54807"},"summary":{"title":"Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key","description":"The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem.","state":"PUBLISHED","assigner":"icscert","published_at":"2025-09-18 21:15:48","updated_at":"2026-04-15 00:35:42"},"problem_types":["CWE-321","CWE-321 CWE-321"],"metrics":[{"version":"4.0","source":"ics-cert@hq.dhs.gov","type":"Secondary","score":"9.3","severity":"CRITICAL","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"9.3","severity":"CRITICAL","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"ics-cert@hq.dhs.gov","type":"Secondary","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"9.8","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07","name":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07","refsource":"ics-cert@hq.dhs.gov","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html","name":"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html","refsource":"ics-cert@hq.dhs.gov","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json","name":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json","refsource":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-54807","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54807","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Dover Fueling Solutions","product":"ProGauge MagLink LX 4","version":"affected 4.20.3 custom","platforms":[]},{"source":"CNA","vendor":"Dover Fueling Solutions","product":"ProGauge MagLink LX Plus","version":"affected 4.20.3 custom","platforms":[]},{"source":"CNA","vendor":"Dover Fueling Solutions","product":"ProGauge MagLink LX Ultimate","version":"affected 5.20.3 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions  website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html  .For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users  update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html  or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"54807","cve":"CVE-2025-54807","epss":"0.000940000","percentile":"0.261770000","score_date":"2026-06-04","updated_at":"2026-06-05 00:02:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-54807","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2025-09-19T13:05:56.641781Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2025-09-19T13:06:19.294Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"ProGauge MagLink LX 4","vendor":"Dover Fueling Solutions","versions":[{"lessThan":"4.20.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ProGauge MagLink LX Plus","vendor":"Dover Fueling Solutions","versions":[{"lessThan":"4.20.3","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"ProGauge MagLink LX Ultimate","vendor":"Dover Fueling Solutions","versions":[{"lessThan":"5.20.3","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."}],"value":"The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-321","description":"CWE-321","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-04T20:00:51.429Z","orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-25-261-07"},{"url":"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-261-07.json"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html\">website</a>&nbsp;.<p>For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html\">update to version 5.20.3</a>&nbsp;or later.</p>\n<p>Dover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks.</p>\n\n<br>"}],"value":"Dover Fueling Solutions recommends users update their ProGauge MagLink \ndevices to Version 4.20.3 or later for MagLink LX 4 and MagLink LX Plus \nmodels. The upgrade can be downloaded from the Dover Fueling Solutions  website https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-4-console.html  .For MagLink LX Ultimate devices, Dover Fueling Solutions recommends users  update to version 5.20.3 https://www.doverfuelingsolutions.com/mea/en/products-and-solutions/automatic-tank-gauging/consoles/progauge-maglink-lx-ultimate-console.html  or later.\n\n\nDover Fueling Solutions recommends all users install the software behind a firewall to minimize risk of remote attacks."}],"source":{"advisory":"ICSA-25-261-07","discovery":"EXTERNAL"},"title":"Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Hard-coded Cryptographic Key","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2025-54807","datePublished":"2025-09-18T20:44:04.094Z","dateReserved":"2025-08-18T15:32:05.596Z","dateUpdated":"2026-06-04T20:00:51.429Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-18 21:15:48","lastModifiedDate":"2026-04-15 00:35:42","problem_types":["CWE-321","CWE-321 CWE-321"],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"54807","Ordinal":"1","Title":"Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Har","CVE":"CVE-2025-54807","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"54807","Ordinal":"1","NoteData":"The secret used for validating authentication tokens is hardcoded in \ndevice firmware for affected versions. An attacker who obtains the \nsigning key can bypass authentication, gaining complete access to the \nsystem.","Type":"Description","Title":"Dover Fueling Solutions ProGauge MagLink LX 4 Devices Use of Har"}]}}}