Cyber Posture

CVE-2025-58083

Critical

Published: 15 November 2025
Modified: 15 April 2026
KEV Added: not currently listed
Patch: see the CISA ICS advisory referenced in the analysis below
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0008 (23.8th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-58083 is a critical-severity Missing Authentication for Critical Function (CWE-306) vulnerability in the General Industrial Controls Lynx+ Gateway (the vendor field on this page was inferred from references, since NVD filed no CPE for this CVE). Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 23.8th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent · AC-14 explicitly defines and limits the actions allowed without identification or authentication, so a device reset cannot be among the operations the embedded web server accepts from an unauthenticated client.

prevent · IA-8 requires identification and authentication of non-organizational users, so an external attacker cannot reach the reset function without first presenting a valid credential.

prevent · AC-3 enforces the approved access control policy on every request, ensuring authentication is checked before sensitive operations such as a remote device reset are dispatched.
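To make the three controls concrete, the following is an added example (not code from the Lynx+ Gateway, from CISA, or from this page) that models a minimal embedded-device web API. The vulnerable handler exposes the reset action with no identity check (CWE-306); the hardened handler keeps an explicit AC-14 allow-list of unauthenticated actions and enforces authentication (IA-8, AC-3) before any other route is dispatched. The `/status` and `/reset` paths, the `Bearer` token and the `Device` model are hypothetical.

```python
"""Added example: CWE-306 in a device web handler beside its hardened form.
Paths, token and device model are hypothetical, not the Lynx+ Gateway's own."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal HTTP request model: method, path and headers (constructed inline)."""
    method: str
    path: str
    headers: dict[str, str] = field(default_factory=dict)


@dataclass
class Device:
    """Stand-in for the gateway; reset_count lets callers observe whether a reset ran."""
    reset_count: int = 0

    def reset(self) -> None:
        self.reset_count += 1


# --- Vulnerable shape (CWE-306): the reset action is dispatched with no identity check.
def vulnerable_app(req: Request, dev: Device) -> tuple[int, str]:
    if (req.method, req.path) == ("GET", "/status"):
        return 200, f"resets={dev.reset_count}"
    if (req.method, req.path) == ("POST", "/reset"):
        dev.reset()  # critical function reachable by any network peer
        return 200, "device resetting"
    return 404, "not found"


# --- Hardened shape: AC-14 allow-list, then IA-8/AC-3 enforcement before dispatch.
# AC-14: the complete set of (method, path) pairs permitted without authentication.
UNAUTHENTICATED_ALLOWED = frozenset({("GET", "/status")})

# Hypothetical operator bearer token. A real device would load the hash from protected
# storage; a high-entropy token needs only a hash, a human password would need a slow KDF.
_OPERATOR_TOKEN_HASH = hashlib.sha256(b"hypothetical-operator-token").digest()


def _authenticated(req: Request) -> bool:
    """IA-8: require a valid credential from every network client."""
    auth = req.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = hashlib.sha256(auth[len("Bearer "):].encode()).digest()
    return hmac.compare_digest(presented, _OPERATOR_TOKEN_HASH)  # constant-time comparison


def hardened_app(req: Request, dev: Device) -> tuple[int, str]:
    # AC-3: enforce the policy at the front door, so no new route can forget the check.
    if (req.method, req.path) not in UNAUTHENTICATED_ALLOWED and not _authenticated(req):
        return 401, "authentication required"
    if (req.method, req.path) == ("GET", "/status"):
        return 200, f"resets={dev.reset_count}"
    if (req.method, req.path) == ("POST", "/reset"):
        dev.reset()
        return 200, "device resetting"
    return 404, "not found"


if __name__ == "__main__":
    anon_reset = Request("POST", "/reset")
    dev = Device()
    print("vulnerable    :", vulnerable_app(anon_reset, dev), "reset_count =", dev.reset_count)
    dev = Device()
    print("hardened      :", hardened_app(anon_reset, dev), "reset_count =", dev.reset_count)
    with_token = Request("POST", "/reset", {"Authorization": "Bearer hypothetical-operator-token"})
    print("hardened+token:", hardened_app(with_token, dev), "reset_count =", dev.reset_count)
```

The design point is where the check lives: the hardened handler decides authentication once, before routing, from an explicit allow-list of what may run unauthenticated. A per-route check is the pattern that produces CWE-306 the first time a developer adds a route and forgets it.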

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is missing authentication (CWE-306) in an embedded web server, so an attacker who can reach the device over the network can exploit the public-facing application directly to remotely reset it.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
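On the detection side of T1190, the following is an added example (not part of the page, of CISA's guidance, or of any vendor tooling) that runs over constructed access-log lines and flags state-changing requests to the gateway that did not originate from the engineering network. The `/reset` and `/reboot` paths, the `10.10.5.0/24` engineering subnet and the log lines themselves are hypothetical; the detector rates an accepted request (2xx) higher than a refused one, because the former means the device likely reset.

```python
"""Added example: flag critical-action requests to an embedded gateway from outside the
engineering network. Log lines, subnet and paths are constructed, not real Lynx+ data."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed access-log lines in a common-log-style format (not real gateway output).
SAMPLE_LOG = """\
10.10.5.23 - - [15/Nov/2025:10:02:11 +0000] "GET /status HTTP/1.1" 200 38
10.10.5.23 - - [15/Nov/2025:10:02:40 +0000] "POST /reset HTTP/1.1" 200 16
203.0.113.77 - - [15/Nov/2025:10:05:02 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.77 - - [15/Nov/2025:10:05:03 +0000] "POST /reset HTTP/1.1" 200 16
192.168.1.9 - - [15/Nov/2025:10:06:00 +0000] "POST /reset HTTP/1.1" 401 24
"""

# Hypothetical engineering subnet allowed to drive the gateway, and the actions that
# change device state. Both are environment-specific and must be tuned.
ENGINEERING_NETS = [ipaddress.ip_network("10.10.5.0/24")]
CRITICAL_ACTIONS = {("POST", "/reset"), ("POST", "/reboot")}

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)


@dataclass(frozen=True)
class Alert:
    severity: str  # "high": device accepted the action; "medium": it was refused
    src: str
    ts: str
    method: str
    path: str
    status: int


def _from_engineering_net(src: str) -> bool:
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(ip in net for net in ENGINEERING_NETS)


def detect_unauthorized_critical_actions(log_text: str) -> list[Alert]:
    """Return one Alert per critical action requested from outside the engineering nets."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the detector
        key = (m["method"], m["path"].split("?", 1)[0])  # drop any query string first
        if key not in CRITICAL_ACTIONS or _from_engineering_net(m["src"]):
            continue
        status = int(m["status"])
        severity = "high" if 200 <= status < 300 else "medium"
        alerts.append(Alert(severity, m["src"], m["ts"], key[0], key[1], status))
    return alerts


if __name__ == "__main__":
    for a in detect_unauthorized_critical_actions(SAMPLE_LOG):
        print(f"[{a.severity.upper()}] {a.ts} {a.src} {a.method} {a.path} -> {a.status}")
```

Embedded gateways rarely export a usable access log, so in practice this logic runs over the logs of whatever sits in front of the device: a reverse proxy, the OT firewall, or a passive ICS network monitor that reconstructs HTTP. The allow-list of source networks is what turns a generic T1190 signature into something with a low false-positive rate on a flat OT segment.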

NVD Description

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.

Deeper analysis

CVE-2025-58083 is a critical missing-authentication vulnerability (CWE-306) in the embedded web server of the General Industrial Controls Lynx+ Gateway. Published on 2025-11-15, it carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), stemming from the absence of an authentication requirement on a function that triggers a remote device reset.

An unauthenticated attacker with network access to the affected gateway can exploit this vulnerability with low complexity and no user interaction. The CVSS vector rates confidentiality, integrity and availability impact as high with a scope change, but the NVD description names only a remote reset, so the impact a practitioner should plan for is primarily availability: in an operational technology environment a gateway reset interrupts the industrial controls and process visibility that depend on it, and repeated resets amount to a sustained denial of service.

The CISA ICS advisory ICSA-25-317-08 details mitigation recommendations. Security practitioners should consult https://www.cisa.gov/news-events/ics-advisories/icsa-25-317-08 and the associated CSAF document at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-08.json for patch information and remediation guidance.

Details

CWE(s)

CWE-306 Missing Authentication for Critical Function

Affected Products

General Industrial Controls Lynx+ Gateway (per the NVD description; this page's vendor field was inferred from references and description because NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-1453 · shared CWE-306
CVE-2026-31882 · shared CWE-306
CVE-2025-27642 · shared CWE-306
CVE-2021-47891 · shared CWE-306
CVE-2026-26340 · shared CWE-306
CVE-2025-3498 · shared CWE-306
CVE-2025-52665 · shared CWE-306
CVE-2025-0355 · shared CWE-306
CVE-2026-24177 · shared CWE-306
CVE-2026-22207 · shared CWE-306

References