CVE-2025-59780 HIGH

CVE-2025-59780: General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function

Vendor General Industrial Controls
Product Lynx+ Gateway
Weakness CWE-306 · Missing auth
Published November 14, 2025
Last update November 17, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.

Key dates

02Disclosure timeline

November 14, 2025 CVE published
November 17, 2025 Record updated