CVE-2025-44003
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-10
Assigner: Gallagher Group Ltd.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | t-series_reader | 8.90 |
| gallagher | t-series_reader | 9.00 |
| gallagher | t-series_reader | 9.10 |
| gallagher | t-series_reader | 9.20 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-772 | The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader. It allows an attacker with physical access to the reader to cause a limited denial of service when the 125 kHz Card Technology is enabled.
How can this vulnerability impact me?
The vulnerability can lead to a limited denial of service on the affected Gallagher T-Series Reader devices, potentially disrupting their normal operation when 125 kHz Card Technology is enabled.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Gallagher T-Series Reader firmware to a fixed version: at or above vCR9.20.250213a for the 9.20 series, vCR9.10.250213a for the 9.10 series, or vCR9.00.250619a for the 9.00 series. Avoid using affected versions, including all versions of 8.90 and prior. Additionally, restrict physical access to the readers to prevent exploitation.