The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission.
The flaw allows attackers to catch network traffic and obtain plaintext credentials and other confidential data. The vulnerability, tracked as CVE-2025-62765, stems from the product’s failure to encrypt data during transmission.
This cleartext transmission vulnerability poses a significant security risk for organizations that rely on Lynx+ Gateway technology, particularly those managing critical infrastructure or handling sensitive communications.
Lynx+ Gateway Vulnerability
An attacker with network access could exploit this weakness by monitoring traffic flowing through the affected gateway.
The lack of encryption means that credentials, authentication tokens, and other sensitive information transmitted across the network remain visible to potential threat actors.
According to CISA, no authentication or user interaction is required to launch an attack, making this vulnerability particularly dangerous.
The vulnerability has received a CVSS v3 base score of 7.5, indicating a high-severity threat.
| CVE ID | Product | Vulnerability Type | CVSS v3 Score | CVSS v4 Score | Impact |
|---|---|---|---|---|---|
| CVE-2025-62765 | Lynx+ Gateway | Cleartext Transmission | 7.5 (High) | 8.7 (Critical) | Plaintext Credentials & Data Exposure |
The CVSS v3 vector string (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A: N) shows the attack can be executed remotely with low complexity and requires no privileges.
The vulnerability severely impacts confidentiality without affecting integrity or availability. The CVSS v4 score is even more severe at 8.7, reflecting the evolving assessment of this threat.
The CVSS v4 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA: N) confirms that the attack vector remains network-based, with minimal barriers to exploitation.
Organizations using Lynx+ Gateway devices should prioritize patching this vulnerability immediately. CISA recommends implementing network segmentation to limit exposure and monitoring for suspicious network activity.
Additionally, organizations should consider implementing encrypted communication channels and reviewing access logs for signs of unauthorized traffic interception.
Until patches are available, administrators should restrict network access to affected gateways and implement additional monitoring controls.
Given the critical nature of this flaw, this update should be treated as a high-priority security incident requiring urgent attention from network and security teams.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
