CVE-2025-58083 CRITICAL

CVE-2025-58083: General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function

Vendor General Industrial Controls
Product Lynx+ Gateway
Weakness CWE-306 · Missing auth
Published November 14, 2025
Last update November 17, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.

Key dates

02Disclosure timeline

November 14, 2025 CVE published
November 17, 2025 Record updated