CISA Warns Veeder-Root Flaw Exposes Fuel Tank Systems
The Cybersecurity and Infrastructure Security Agency issued a critical security alert on Monday, warning that Veeder-Root TLS4B Automatic Tank Gauge systems are vulnerable to remote command injection. The alert highlights two high-severity flaws, including CVE-2025-58428, which if exploited, could allow attackers to execute arbitrary commands. CISA warns Veeder Root flaw poses a significant risk to fuel storage infrastructure that depends on these systems.
Widely used in commercial fueling environments, the TLS4B system monitors fuel tank levels and environmental conditions. The vulnerability could let threat actors bypass authentication and gain control over core system functions. CISA warns Veeder Root flaw CVE-2025-58428 could be leveraged in combination with other known vulnerabilities such as CVE-2025-55067 and CVE-2025-11371 to amplify impact.
Security teams utilizing Veeder-Root TLS4B devices should review the full vulnerability details and apply mitigations immediately. For more information, read the complete report at the following link: