CVE-2026-25193
Received - Intake
Gallagher Command Centre Service Account Credentials Exposure via Log Files

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: Gallagher Group Ltd.

Description
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.

Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.

Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.

Meta Information
Published: 2026-05-25
Last Modified: 2026-05-25
Generated: 2026-05-26
AI Q&A: 2026-05-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
gallagher | command_centre | *
CWE
CWE ID | Description
CWE-532 | The product writes sensitive information to a log file.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the insertion of sensitive information into a log file by some Command Centre Service installers. Specifically, it can lead to the exposure of Service Account credentials if a custom Service Account is used instead of the default Network Service account.


How can this vulnerability impact me?

If you install Command Centre Services using a custom Service Account, this vulnerability could expose your Service Account credentials through log files. This exposure could allow unauthorized users to gain access to your service account, potentially leading to further compromise of your system.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, the recommended immediate action is to change the Service Account password if you are using a custom Service Account (not the default Network Service account).

Additionally, you should delete any installer log files that may contain sensitive information. These log files are usually located in the directory %programdata%\Gallagher\Command Centre.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability involves the insertion of sensitive information, specifically Service Account credentials, into log files. Exposure of such credentials could lead to unauthorized access and potential data breaches.

While the CVE description does not explicitly mention compliance with standards like GDPR or HIPAA, the exposure of sensitive credentials could increase the risk of non-compliance with these regulations, which require protection of sensitive data and access controls.

Mitigation steps such as changing the Service Account password and deleting installer log files can help reduce the risk of credential exposure and thus support compliance efforts.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the insertion of sensitive Service Account credentials into installer log files. Detection can be performed by checking for the presence of these log files and inspecting them for exposed credentials.

You can look for installer log files typically located in the directory: %programdata%\Gallagher\Command Centre.

A suggested command to find these log files on a Windows system is:

  • dir "%programdata%\Gallagher\Command Centre\*.log" /s

After locating the log files, you can search for potential sensitive information such as service account names or passwords by using a command like:

  • findstr /i "password" "%programdata%\Gallagher\Command Centre\*.log"

Note that only installations using a custom Service Account (not the default Network Service account) are potentially impacted.
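
The same triage as a PowerShell script, added here as an example and not taken from Gallagher or the CVE record: it lists services running under a custom account, reports which log files contain matching lines without echoing the line text, and previews the clean-up. Assumptions: the service binaries sit under a path containing "Gallagher", installer logs use the .log extension, and "password" is the keyword to search for (the advisory does not state the log line format).

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
$LogRoot = Join-Path $env:ProgramData 'Gallagher\Command Centre'  # location given in the advisory
$Pattern = 'password'  # assumption: same keyword as the findstr command above

# 1. Services running under a custom account (only these sites are potentially impacted).
#    Assumption: Command Centre service binaries live under a path containing "Gallagher".
$builtin = 'LocalSystem', 'NT AUTHORITY\NetworkService', 'NT AUTHORITY\LocalService'
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*Gallagher*' -and $_.StartName -and $_.StartName -notin $builtin } |
    Select-Object Name, StartName, State

# 2. Report where matches occur, never the matched text, so the triage output
#    does not become a second copy of the credential.
function Get-SuspectLogLine {
    param([string]$Root, [string]$Pattern)
    if (-not (Test-Path -LiteralPath $Root)) { return }
    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.log' -ErrorAction SilentlyContinue |
        Select-String -Pattern $Pattern -SimpleMatch |   # case-insensitive by default
        ForEach-Object {
            [pscustomobject]@{
                File       = $_.Path
                LineNumber = $_.LineNumber
                Modified   = (Get-Item -LiteralPath $_.Path).LastWriteTime
                # Who is allowed to read the file: this is the exposure to assess.
                Readers    = ((Get-Acl -LiteralPath $_.Path).Access |
                              Where-Object { $_.AccessControlType -eq 'Allow' } |
                              ForEach-Object { $_.IdentityReference.Value } |
                              Sort-Object -Unique) -join '; '
            }
        }
}

$hits = Get-SuspectLogLine -Root $LogRoot -Pattern $Pattern
$hits | Format-Table -AutoSize -Wrap

# 3. Once the Service Account password has been changed, remove the affected logs.
#    -WhatIf only previews the deletion; remove it to delete the files.
if ($hits) {
    $hits | Select-Object -ExpandProperty File -Unique |
        ForEach-Object { Remove-Item -LiteralPath $_ -WhatIf }
}
```

Change the password before deleting the logs: removing the files does not invalidate a credential that may already have been read.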

