CVE-2025-35983
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-10
Assigner: Gallagher Group Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | controller_7000 | 9.30 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper certificate validation issue (CWE-295) in the Controller 7000 OneLink implementation. It allows an unprivileged attacker to perform a limited denial of service or privileged overrides during the initial configuration of the Controller. However, once the Controllers are connected, there is no risk from this vulnerability.
How can this vulnerability impact me?
The vulnerability can allow an unprivileged attacker to cause a limited denial of service or perform privileged overrides during the initial configuration phase of the Controller 7000. This could disrupt setup or allow unauthorized configuration changes. There is no impact once the Controllers are connected.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Controller 7000 software to version vCR9.30.250624a or later, as this version addresses the improper certificate validation issue. Avoid using affected versions prior to this update during initial configuration.