The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission.
The flaw allows attackers to catch network traffic and obtain plaintext credentials and other confidential data. The vulnerability, tracked as CVE-2025-62765, stems from the product’s failure to encrypt data during transmission.
This cleartext transmission vulnerability poses a significant security risk for organizations that rely on Lynx+ Gateway technology, particularly those managing critical infrastructure or handling sensitive communications.
An attacker with network access could exploit this weakness by monitoring traffic flowing through the affected gateway.
The lack of encryption means that credentials, authentication tokens, and other sensitive information transmitted across the network remain visible to potential threat actors.
According to CISA, no authentication or user interaction is required to launch an attack, making this vulnerability particularly dangerous.
The vulnerability has received a CVSS v3 base score of 7.5, indicating a high-severity threat.
| CVE ID | Product | Vulnerability Type | CVSS v3 Score | CVSS v4 Score | Impact |
|---|---|---|---|---|---|
| CVE-2025-62765 | Lynx+ Gateway | Cleartext Transmission | 7.5 (High) | 8.7 (Critical) | Plaintext Credentials & Data Exposure |
The CVSS v3 vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A: N) shows the attack can be executed remotely with low complexity and requires no privileges.
The vulnerability severely impacts confidentiality without affecting integrity or availability. The CVSS v4 score is even more severe at 8.7, reflecting the evolving assessment of this threat.
The CVSS v4 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA: N) confirms that the attack vector remains network-based, with minimal barriers to exploitation.
Organizations using Lynx+ Gateway devices should prioritize patching this vulnerability immediately. CISA recommends implementing network segmentation to limit exposure and monitoring for suspicious network activity.
Additionally, organizations should consider implementing encrypted communication channels and reviewing access logs for signs of unauthorized traffic interception.
Until patches are available, administrators should restrict network access to affected gateways and implement additional monitoring controls.
Given the critical nature of this flaw, this update should be treated as a high-priority security incident requiring urgent attention from network and security teams.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
APT24, a sophisticated cyber espionage group linked to China's People's Republic, has launched a relentless…
The Cl0p ransomware group has claimed responsibility for infiltrating Broadcom's internal systems as part of…
Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers…
A critical security vulnerability has been discovered in ASUSTOR backup and synchronization software, allowing attackers…
Microsoft has introduced a practical new feature in Windows 11 designed specifically for public-facing monitors…
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That…