CVE-2025-22960 Information

Description

A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT VAXT transmitters. Unauthenticated attackers can access exposed log files (/logs/debug/xteLog) potentially revealing sensitive session-related information such as session IDs (sess_id) and authentication success tokens (user_check_password OK). Exploiting this flaw could allow attackers to hijack active sessions gain unauthorized access and escalate privileges on affected devices.

Reference

https://github.com/shiky8/my–cve-vulnerability-research/tree/main/CVE-2025-22960

Related CNNVD

CNNVD-202512-1547 (Published: 2025-12-09)