CVE-2025-47699
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-27

Assigner: Gallagher Group Ltd.

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-47699
EUVD
EUVD-2025-35649
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
gallagher command_centre_server 9.20
gallagher command_centre_server 9.30
gallagher command_centre_server 9.00
gallagher command_centre_server 9.10
gallagher command_centre_server 8.90
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2025-47699, affects the Gallagher Command Centre Server and involves the Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) within the Gallagher Morpho integration. It allows an authenticated operator who has limited site permissions to make critical changes to local Morpho biometric devices, which they should not normally be able to do. This issue impacts specific versions of the Command Centre Server prior to certain updates. [1]

Impact Analysis

If you are using the Gallagher Command Centre Server with the Morpho integration, this vulnerability could allow an operator with limited permissions to escalate their control and make critical unauthorized changes to biometric devices. This could lead to unauthorized access, manipulation of security devices, and potentially compromise the security of the site. [1]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Gallagher Command Centre Server to the fixed versions: vEL9.30.2482 (MR2) or later for 9.30, vEL9.20.2819 (MR4) or later for 9.20, vEL9.10.3672 (MR7) or later for 9.10, vEL9.00.3831 (MR8) or later for 9.00, or upgrade from any version 8.90 or earlier to a fixed version. Additionally, restrict authenticated operator permissions to prevent unauthorized critical changes to Morpho biometric devices and monitor sites using Gallagher Morpho integration closely. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47699. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart