CVE-2025-48430
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: Gallagher Group Ltd.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | command_centre_server | 8.90 |
| gallagher | command_centre_server | 9.00 |
| gallagher | command_centre_server | 9.10 |
| gallagher | command_centre_server | 9.20 |
| gallagher | command_centre_server | 9.30 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an uncaught exception (CWE-248) in the Gallagher Command Centre Server: a code path reachable by an operator throws an exception that nothing in the server catches, so the server process terminates instead of rejecting the request. It can be triggered deliberately by an authorized operator who already holds a privileged role, which makes it a post-authentication denial of service rather than a remote, unauthenticated one. The affected versions are the 8.90 through 9.30 releases listed above, prior to the fixed releases named in the vendor advisory. The impact is availability only; confidentiality and integrity are not affected. [1]
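The failure mode described above, shown as an added illustration that is not Gallagher code and does not model Command Centre internals: a toy request loop in Python in which one request's exception escapes the loop (the CWE-248 pattern), beside the same loop with the exception caught at the per-request boundary so the service keeps running. The request shape, the operation names and the sample traffic are constructed for the demo.

```python
"""
CWE-248 (uncaught exception) as a denial-of-service primitive in a
long-running service. Added generic example; not Gallagher code and not a
model of Command Centre. Request format, handler names and sample traffic
are made up for the demonstration.
"""
import logging
from typing import Callable

log = logging.getLogger("cwe248_demo")

# Constructed sample traffic: good requests around two bad ones.
# The second request carries a payload the handler cannot parse; the
# fourth names an operation that does not exist.
SAMPLE_REQUESTS = [
    {"op": "list", "payload": "doors"},
    {"op": "parse_count", "payload": "not-a-number"},  # int() raises ValueError
    {"op": "list", "payload": "alarms"},
    {"op": "unknown_op", "payload": ""},               # no handler: KeyError
]


def handle_list(payload: str) -> str:
    return f"listed:{payload}"


def handle_parse_count(payload: str) -> str:
    # int() raises ValueError on malformed input; nothing in here catches it.
    return f"count:{int(payload)}"


HANDLERS: dict[str, Callable[[str], str]] = {
    "list": handle_list,
    "parse_count": handle_parse_count,
}


def serve_vulnerable(requests: list[dict]) -> list[str]:
    """CWE-248 pattern: an exception raised while handling one request
    propagates out of the service loop. In a real server it unwinds to the
    top of the process and terminates it, so every later request is lost."""
    results = []
    for req in requests:
        results.append(HANDLERS[req["op"]](req["payload"]))
    return results


def serve_hardened(requests: list[dict]) -> tuple[list[str], int]:
    """Fixed pattern: catch at the per-request boundary, record the failure
    (with enough context to attribute it to the caller), and keep serving.
    Returns (results, number_of_failed_requests)."""
    results, errors = [], 0
    for req in requests:
        try:
            handler = HANDLERS[req["op"]]          # KeyError on unknown op
            results.append(handler(req["payload"]))
        except Exception as exc:                   # one bad request must not kill the loop
            errors += 1
            log.warning("request %r failed: %s", req, exc)
            results.append("error")
    return results, errors


def crashes(server: Callable, requests: list[dict]) -> bool:
    """Report whether an exception escapes `server`, i.e. whether the
    service loop would have died on this traffic."""
    try:
        server(requests)
        return False
    except Exception:
        return True


if __name__ == "__main__":
    print("vulnerable loop dies:", crashes(serve_vulnerable, SAMPLE_REQUESTS))
    print("hardened loop dies:  ", crashes(serve_hardened, SAMPLE_REQUESTS))
    print("hardened results:    ", serve_hardened(SAMPLE_REQUESTS))
```

The point of the hardened loop is not the `except Exception` by itself but where it sits: at the boundary of one unit of work, so a single malformed or malicious request costs only that request. Logging the request and the caller at that boundary is also what makes a deliberate crash attempt by a privileged insider visible afterwards.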
How can this vulnerability impact me?
An operator holding the required privilege can crash the Command Centre Server at will, causing a denial of service: the server is unavailable until it is restarted, any operations that depend on it are disrupted for that period, and an insider can repeat the crash as often as they choose. There is no impact on data confidentiality or integrity. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the vendor's fixed release for your version branch; the affected versions listed above are those prior to the fixed releases. Until the upgrade is in place, restrict the privilege needed to trigger the crash to the smallest set of operators who genuinely need it, review who currently holds it, and alert on unexpected Command Centre Server restarts so that a deliberate crash by an insider is noticed and can be attributed. [1]