CVE-2025-48430
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-23

Last updated on: 2025-10-27

Assigner: Gallagher Group Ltd.

Description
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-23
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-48430
EUVD
EUVD-2025-35647
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
gallagher command_centre_server 9.20
gallagher command_centre_server 9.30
gallagher command_centre_server 9.00
gallagher command_centre_server 9.10
gallagher command_centre_server 8.90
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-248 An exception is thrown from a function, but it is not caught.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Uncaught Exception (CWE-248) in the Gallagher Command Centre Server that allows an authorized and privileged operator to intentionally crash the server. It affects multiple versions prior to specific fixed releases. The crash causes a denial of service by making the server unavailable, but it does not impact confidentiality or integrity. [1]

Impact Analysis

The vulnerability can impact you by allowing an authorized and privileged operator to crash the Command Centre Server at will, resulting in a denial of service. This means the server becomes unavailable, potentially disrupting operations that depend on it. There is no impact on data confidentiality or integrity. [1]

Mitigation Strategies

Mitigation involves enforcing strict privilege limitations on operators to minimize exposure to this issue. Ensure that only authorized and necessary privileged operators have access to the Command Centre Server to prevent intentional crashes. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-48430. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart