CVE-2025-59780 affects General Industrial Controls Lynx+ Gateway. According to CISA’s advisory, the embedded web server lacks critical authentication, allowing unauthenticated GET requests to retrieve sensitive device information. The advisory was published on 2025-11-13 and assigns CVSS 3.1 7.5 (HIGH), reflecting a network-reachable confidentiality issue with no privileges or user interaction required.
CRITICALGeneral Industrial ControlsCVE published 2025-11-13
CVE-2025-58083 is a critical vulnerability in General Industrial Controls Lynx+ Gateway. CISA’s advisory says the embedded web server is missing critical authentication, which could allow a remote attacker to reset the device. The supplied advisory rates the issue CVSS 10.0 and indicates General Industrial Controls did not respond to CISA’s coordination attempts, so defenders should treat this as an urgen [truncated]