PT-2025-43423 · Morpho+1
Published: 2025-07-08 · Updated: 2025-10-28
CVE-2025-47699
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre Server versions prior to 9.00.3831 (MR8), versions 9.10 prior to vEL9.10.3672 (MR7), versions 9.20 prior to vEL9.20.2819 (MR4), versions 9.30 prior to vEL9.30.2482 (MR2), and all versions of 8.90 and prior.
Description
An issue exists within the Gallagher Morpho integration of the Command Centre Server that could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This is due to an exposure of sensitive system information to an unauthorized control sphere.
Recommendations
Versions prior to 9.00.3831 (MR8) should be updated.
Versions 9.10 prior to vEL9.10.3672 (MR7) should be updated.
Versions 9.20 prior to vEL9.20.2819 (MR4) should be updated.
Versions 9.30 prior to vEL9.30.2482 (MR2) should be updated.
All versions of 8.90 and prior should be updated.
Fix
LPE
Link Following
Related Identifiers
Affected Products
Gallagher Command Centre Server
Morpho