PT-2025-43424 · Gallagher · Gallagher Command Centre Server
Published: 2025-10-23 · Updated: 2025-10-23 · CVE-2025-48428
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Gallagher Command Centre Server versions prior to 9.20.2819 (MR4)
Gallagher Command Centre Server versions prior to 9.10.3672 (MR7)
Gallagher Command Centre Server versions prior to 9.00.3831 (MR8)
Gallagher Command Centre Server version 8.90
Description
The Gallagher Morpho integration stores sensitive information in cleartext. An authenticated user with access to the Command Centre Server can export a signing key while it is in use. This could allow deployment of a compromised or counterfeit device on a site.
Recommendations
Update Gallagher Command Centre Server to version 9.20.2819 (MR4) or later.
Update Gallagher Command Centre Server to version 9.10.3672 (MR7) or later.
Update Gallagher Command Centre Server to version 9.00.3831 (MR8) or later.
Update Gallagher Command Centre Server to a version later than 8.90.
Fix
Cleartext Storage of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Gallagher Command Centre Server