Authentication Bypass Vulnerability in Dover Fueling Solutions' ProGauge MagLink LX 4 Console
CVE-2025-54807
9.3 CRITICAL
What is CVE-2025-54807?
In the ProGauge MagLink LX 4 Console developed by Dover Fueling Solutions, the secret key used to validate authentication tokens is hardcoded in the device's firmware. An attacker who discovers this hardcoded signing key can bypass the authentication mechanisms and gain unrestricted access to the system, potentially compromising sensitive data and overall system integrity.
Affected Version(s)
ProGauge MagLink LX 4: versions before 4.20.3
ProGauge MagLink LX Plus: versions before 4.20.3
ProGauge MagLink LX Ultimate: versions before 5.20.3
CVSS V4
Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pedro Umbelino of Bitsight TRACE reported these vulnerabilities to CISA.