CVE-2025-48428
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-27

Assigner: Gallagher Group Ltd.

Description
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48428
EUVD
EUVD-2025-35648
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
gallagher command_centre_server 9.20
gallagher command_centre_server 9.10
gallagher command_centre_server 8.90
gallagher command_centre_server 9.00
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the cleartext storage of sensitive information within the Gallagher Morpho integration of the Gallagher Command Centre Server. An authenticated user with high privileges on the server can export a specific signing key while it is in use. This key could then be used to deploy compromised or counterfeit devices on the affected site. [1]

Impact Analysis

If exploited, this vulnerability could allow a privileged authenticated user to export a signing key and use it to deploy compromised or counterfeit devices on the site. This could lead to unauthorized access or control over physical security systems, potentially compromising site security. [1]

Mitigation Strategies

Mitigation involves following all applicable guidance in the Command Centre hardening guide to secure the environment. Ensure that you update the Gallagher Command Centre Server to a fixed version: vEL9.20.2819 (MR4) or later for 9.20, vEL9.10.3672 (MR7) or later for 9.10, and vEL9.00.3831 (MR8) or later for 9.00. Restrict access to the Command Centre Server to only trusted, authenticated users with high privileges and monitor usage of the Gallagher Morpho integration to prevent unauthorized exportation of signing keys. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48428. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart