CVE-2025-63212: n/a
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers (sid) in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions without providing any credentials. This attack requires the legitimate user (admin) to have previously closed the browser window without logging out.
AI Analysis
Technical Summary
CVE-2025-63212 is a medium-severity vulnerability in GatesAir Flexiva-LX broadcast devices running firmware 1.0.13 and 2.0, including the LX100, LX300, LX600 and LX1000 models. The firmware writes web session identifiers (sids) into the device log at /log/Flexiva%20LX.log, and that file is served without authentication, so anyone with network reach to the management interface can read every sid the device has recorded. A sid is only useful while the server-side session it names is still valid; the advisory's precondition that the administrator closed the browser without logging out describes exactly that state, because closing the window does not invalidate the session and the token stays live. An attacker who reads a live sid from the log and presents it to the web interface is treated as the administrator without ever supplying a credential. The analysis assigns a CVSS 3.1 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Two caveats apply when reading that vector: the PR:L component is at odds with an attack the description says needs no credentials, and the same metrics with PR:N score 7.5, so 6.5 is best treated as a floor; and C:H/I:N/A:N rates the disclosure of the token, not what can be done with an administrator session, which on a broadcast device includes changing its configuration. The CVE record itself lists no CVSS version. The weakness is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). No fixed firmware is listed and no in-the-wild exploitation has been reported. To check whether a unit is affected, request /log/Flexiva%20LX.log from an unauthenticated client on the management network: an HTTP 200 carrying log content confirms the exposure, and any session identifier visible in the response should be treated as compromised. Two independent defects combine here, logging a credential-equivalent token and serving the log without authentication, and both point to weak session and logging hygiene in these firmware versions.
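The two halves of the defect, a token written verbatim into a log and a scanner that finds it, are shown in the following Python. This is an added example, not code from the advisory, the CVE record or GatesAir's firmware. The log line layout, the sid=... field format and the LOG_KEY secret are assumptions for illustration; the real Flexiva-LX log format is not published on this page.

```python
import hashlib
import hmac
import re
import secrets

# Constructed sample in the style the advisory describes: a device log in which the
# web session identifier (sid) is written verbatim. The layout is an assumption.
SAMPLE_LOG = """\
2025-11-19 19:51:16 INFO  login ok user=admin sid=9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b
2025-11-19 19:52:03 INFO  config read user=admin sid=9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b
2025-11-19 19:53:40 INFO  heartbeat
"""

# Any long token following "sid=" is a candidate leak; the exact alphabet is an assumption.
SID_RE = re.compile(r"\bsid=([A-Za-z0-9+/_=-]{16,})")


def find_leaked_sids(log_text):
    """Return the distinct raw session identifiers present in a log (the CWE-200 exposure)."""
    return sorted(set(SID_RE.findall(log_text)))


# --- the defect: the raw session token goes into the log -----------------------
def log_line_vulnerable(event, user, sid):
    return f"INFO  {event} user={user} sid={sid}"


# --- the hardened form: log a keyed fingerprint of the token instead -----------
# LOG_KEY stands in for a per-device secret kept outside the log (assumed here).
LOG_KEY = secrets.token_bytes(32)


def sid_fingerprint(sid, key=LOG_KEY):
    """12 hex chars of HMAC-SHA256(key, sid): enough to correlate one session's events,
    useless for presenting to the web interface."""
    return hmac.new(key, sid.encode(), hashlib.sha256).hexdigest()[:12]


def log_line_hardened(event, user, sid):
    return f"INFO  {event} user={user} sidfp={sid_fingerprint(sid)}"


if __name__ == "__main__":
    sid = "9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b"
    print("leaked in sample log:", find_leaked_sids(SAMPLE_LOG))
    print("vulnerable line     :", log_line_vulnerable("login ok", "admin", sid))
    print("hardened line       :", log_line_hardened("login ok", "admin", sid))
```

Running find_leaked_sids over a copy of a device's log, or over the body returned by an unauthenticated fetch of the log path, is a quick way to confirm exposure on your own units. The hardened logger shows the shape a firmware fix would take: a keyed fingerprint lets operators still trace one session's activity while the log never contains a token that can be replayed.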
Potential Impact
For European organizations, particularly broadcasters and media companies running GatesAir Flexiva-LX devices, the primary risk is unauthenticated takeover of the administrative web session. With that session an attacker can read operational information and, in practice, change device configuration or interfere with the broadcast, even though the CVSS vector scores only the confidentiality of the leaked token. The exposure is worst where the management interface is reachable from general office networks or the Internet, or where remote access is enabled without segmentation, because the log file can be pulled by anyone who can reach the HTTP service. Given the role of broadcast infrastructure in public communication, including emergency alerting, manipulation of a transmitter's configuration could have effects well beyond the operator. The medium rating reflects the precondition that an administrator session must still be valid when the attacker reads the log; it should not be read as requiring credentials, since the description is explicit that none are needed.
Mitigation Recommendations
1. Treat the management interface as exposed: restrict the device's HTTP service to a dedicated management network or VPN and block it from office networks and the Internet. With no fixed firmware listed, network controls are the primary mitigation.
2. Deny unauthenticated reads of /log/Flexiva%20LX.log, and of the /log/ path generally, at a reverse proxy, firewall or ACL in front of the device. Match on the URL-decoded path so that /log/Flexiva LX.log and other encodings of the same name are covered.
3. Require administrators to log out explicitly after each session rather than closing the browser, since a closed window leaves the server-side session valid and its sid live in the log.
4. Monitor for retrieval of the log file and for a session identifier presented from more than one client address; either is a strong indicator of reconnaissance or an active hijack.
5. Apply fixed firmware from GatesAir as soon as it is published, and verify after the upgrade that the log path is no longer readable without authentication.
6. Where a proxy cannot be inserted, deploy a web application firewall or IDS signature for requests to the log path as a compensating control.
7. Train administrators on the risk of abandoned sessions and on logging out.
8. If the firmware offers a setting that stops session identifiers being written to the log, enable it; if it does not, only a firmware fix can prevent the token from being logged.
9. Multi-factor authentication at login, where supported, does not protect a session that has already been established, so do not rely on it against this issue; it remains worthwhile against credential-based attacks.
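Items 2 and 4 above can be checked from the access log of a reverse proxy placed in front of the device. The following Python is an added example, not part of the advisory or of any GatesAir tooling: it parses constructed Combined Log Format lines (the layout proxies such as nginx or Apache write), flags reads of the exposed log file after URL-decoding the path, and reports any session identifier presented from more than one client address. That the sid travels as a cookie named sid is an assumption; substitute the device's real cookie name.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: four Combined Log Format lines with the request cookie appended
# as a final quoted field. A legitimate admin works from 10.0.5.20, then an outside
# host reads the log file and replays the admin's sid.
SAMPLE_ACCESS_LOG = """\
10.0.5.20 - - [19/Nov/2025:19:51:16 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0" "sid=9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b"
10.0.5.20 - - [19/Nov/2025:19:52:03 +0000] "GET /config HTTP/1.1" 200 2048 "-" "Mozilla/5.0" "sid=9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b"
198.51.100.7 - - [19/Nov/2025:20:14:09 +0000] "GET /log/Flexiva%20LX.log HTTP/1.1" 200 81920 "-" "curl/8.4.0" "-"
198.51.100.7 - - [19/Nov/2025:20:14:30 +0000] "GET /config HTTP/1.1" 200 2048 "-" "curl/8.4.0" "sid=9f2c0a7e4b6d4c1e8a3f5b7d9e1c2a4b"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookie>[^"]*)"$'
)

# The exposed file, in decoded lower-case form so encoding and case variants match.
LOG_PATH = "/log/flexiva lx.log"


def parse(log_text):
    """Parse access log lines into dicts; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def log_file_reads(records):
    """Requests for the exposed log file. The path is URL-decoded and lower-cased first,
    so %20 versus a literal space or a different letter case does not evade the check."""
    return [r for r in records
            if unquote(r["path"].split("?", 1)[0]).lower() == LOG_PATH]


def shared_sessions(records):
    """Session ids seen from more than one client IP: the footprint of a replayed token."""
    ips = defaultdict(set)
    for r in records:
        m = re.search(r"(?:^|; )sid=([^;]+)", r["cookie"])
        if m:
            ips[m.group(1)].add(r["ip"])
    return {sid: sorted(v) for sid, v in ips.items() if len(v) > 1}


if __name__ == "__main__":
    recs = parse(SAMPLE_ACCESS_LOG)
    for r in log_file_reads(recs):
        print(f"log file read by {r['ip']} at {r['ts']} ({r['ua']})")
    for sid, hosts in shared_sessions(recs).items():
        print(f"sid {sid[:8]}... used from {', '.join(hosts)}")
```

The second check is the more valuable one once a proxy is in place: a read of the log path tells you someone looked, but the same sid arriving from two addresses tells you the token was used. Feed the real proxy log through parse and alert on either function returning a non-empty result.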
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-10-27T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 691e1fb449ba98bd818e9a25
Added to database: 11/19/2025, 7:51:16 PM
Last enriched: 11/26/2025, 9:05:45 PM
Last updated: 1/7/2026, 4:17:26 AM