CISA Warns of Critical Vulnerabilities in Dover Fueling Solutions’ ProGauge MagLink LX

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about multiple critical vulnerabilities in ProGauge MagLink LX fuel and water tank monitors, widely deployed in fuel stations and industrial environments. Successful exploitation could allow attackers to cause denial-of-service conditions or gain administrative access to vulnerable systems.

The first vulnerability, tracked as CVE-2025-55068 with a CVSS score of 8.2, arises from improper handling of Unix time values. CISA explains: “Affected devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition.” In practice, this flaw could allow attackers to disrupt tank monitoring systems by simply manipulating time-based functions, leading to service outages.

Another serious issue, CVE-2025-54807, carries a CVSS score of 9.8 and involves a hard-coded secret embedded in device firmware. As the advisory notes: “The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.” With this capability, adversaries could impersonate legitimate users, override security controls, and gain unauthorized administrative access.

The third vulnerability, CVE-2025-30519, also rated 9.8, stems from weak and unchangeable root credentials. According to CISA, “affected versions of the device have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.” This flaw is particularly dangerous because it effectively hands over administrative privileges to any attacker who can reach the device on the network.

According to the advisory, the following versions are impacted:

  • ProGauge MagLink LX 4: Versions prior to 4.20.3
  • ProGauge MagLink LX Plus: Versions prior to 4.20.3
  • ProGauge MagLink LX Ultimate: Versions prior to 5.20.3

Dover Fueling Solutions has released security updates to address the vulnerabilities:

  • MagLink LX 4 and LX Plus: Update to version 4.20.3 or later
  • MagLink LX Ultimate: Update to version 5.20.3 or later

In addition, Dover recommends placing devices behind a firewall and minimizing network exposure.
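To apply the version thresholds above to an asset list, the following added example (not code from CISA or Dover Fueling Solutions) flags devices running firmware older than the fixed release for their model. The inventory layout, asset names and sample versions are constructed for illustration.

```python
# Added example: inventory triage against the fixed versions listed in the article.
import re

# First fixed firmware version per model, taken from the advisory summary above.
FIXED = {
    "maglink lx 4": (4, 20, 3),
    "maglink lx plus": (4, 20, 3),
    "maglink lx ultimate": (5, 20, 3),
}

def parse_version(text):
    """Return a tuple of ints for 'X.Y.Z' (optional leading 'v'), else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip(), re.IGNORECASE)
    return tuple(int(p) for p in m.groups()) if m else None

def normalize_model(name):
    """Lower-case, collapse whitespace and drop the optional 'ProGauge' prefix."""
    name = " ".join(name.lower().split())
    return name.removeprefix("progauge ").strip()

def triage(inventory):
    """Map each asset to 'vulnerable', 'patched' or 'review' (unknown model/version)."""
    result = {}
    for asset, model, version in inventory:
        fixed = FIXED.get(normalize_model(model))
        current = parse_version(version)
        if fixed is None or current is None:
            result[asset] = "review"      # never assume an unparsed entry is safe
        elif current < fixed:             # numeric compare: 5.9.12 is older than 5.20.3
            result[asset] = "vulnerable"
        else:
            result[asset] = "patched"
    return result

# Constructed sample inventory (asset names and versions are made up).
SAMPLE = [
    ("site-01-atg", "ProGauge MagLink LX 4", "4.19.8"),
    ("site-02-atg", "MagLink LX Plus", "4.20.3"),
    ("site-03-atg", "ProGauge MagLink LX Ultimate", "5.9.12"),
    ("site-04-atg", "MagLink LX Ultimate", "v5.21.0"),
    ("site-05-atg", "MagLink LX 4", "unknown"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE).items():
        print(f"{asset}: {status}")
```

Versions are compared as integer tuples because a plain string comparison would rank 5.9.12 above 5.20.3 and miss an affected device.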
