CVE-2025-46406
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-07-10
Assigner: Gallagher Group Ltd.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | command_centre_server | 8.90 |
| gallagher | command_centre_server | 9.10 |
| gallagher | command_centre_server | 9.30 |
| gallagher | command_centre_server | 9.20 |
| gallagher | command_centre_server | 9.00 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-270 | The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Privilege Context Switching Error (CWE-270) in the Command Centre Server. It allows a privileged Operator who has high-level access in one Division to perform limited privileged activities across Division boundaries, which they normally should not be able to do.
How can this vulnerability impact me?
The vulnerability could allow an Operator with high-level access in one Division to perform unauthorized privileged actions in other Divisions. This could lead to unauthorized access or changes in areas outside their intended scope, potentially compromising security and operational integrity.