CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

CVE-2025-52578

CVE-2025-52578 describes an incorrect usage of seeds in a pseudo-random number generator (PRNG) affecting Gallagher Command Centre Server. The issue allows a sophisticated attacker with physical access to compromise internal device communications. Affected versions include 9.30 before vCR9.30.251...

CVE-2025-52578

Incorrect Usage of Seeds in Pseudo-Random Number Generator CWE- 335 vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in...

CVE-2025-52457

CVE-2025-52457 describes an Observable Timing Discrepancy (CWE-208) in Gallagher HBUS devices that could let an attacker with physical access extract device-specific keys, potentially compromising site security. Affected: Command Centre Server, including 9.30 before vCR9.30.251028a (MR3), 9.20 be...

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

CVE-2025-52457

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

PT-2025-47240

Observable Timing Discrepancy CWE-208 in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a distributed in 9.30.2881 MR3, 9.2...

PT-2025-47242

Missing Release of Resource after Effective Lifetime CWE-772 in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30...

CVE-2025-48428

Cleartext Storage of Sensitive Information CWE-312 in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue...

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-497 in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

CVE-2025-35981

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

CVE-2025-35981

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

CVE-2025-48430

CVE-2025-48430 affects Gallagher Command Centre Server. Exploitation stems from an uncaught exception (CWE-248) that allows an authorized and privileged operator to crash the server. Affected versions include 9.30 before vEL9.30.2482 (MR2), 9.20 before vEL9.20.2819 (MR4), 9.10 before vEL9.10.3672...

EUVD-2025-35647

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...