CVE-2025-52457
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-18
Assigner: Gallagher Group Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | command_centre_server | 9.00 |
| gallagher | command_centre_server | 9.20 |
| gallagher | command_centre_server | 9.30 |
| gallagher | command_centre_server | 9.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-208 | Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Observable Timing Discrepancy (CWE-208) in HBUS devices that may allow an attacker with physical access to the device to extract device-specific keys. This extraction could potentially compromise further site security by exposing sensitive cryptographic material.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with physical access to extract device-specific keys from HBUS devices, potentially leading to unauthorized access or control over the affected system and compromising the overall security of the site.