CVE-2025-35981: CWE-359 Exposure of Private Personal Information to an Unauthorized Actor in Gallagher Command Centre Server
Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6).
AI Analysis
Technical Summary
CVE-2025-35981 is a vulnerability in Gallagher Command Centre Server, a widely deployed physical access control management platform. It is classified as CWE-359, exposure of private personal information to an unauthorized actor. An operator who already holds privileges in Command Centre can view limited personal data about cardholders that their assigned permissions would not normally let them see. The affected versions are 9.30.1874 (MR1), 9.20.2337 (MR3) and 9.10.3194 (MR6). The flaw stems from insufficient access control enforcement within the server, so an operator's effective data visibility exceeds what their role grants. Exploitation requires no user interaction, but it does require valid privileged operator credentials, which limits the attack surface to malicious insiders and compromised operator accounts. The CVSS v3.1 base score is 5.5 (medium): confidentiality is affected, integrity and availability are not. No public exploits have been reported, and no patch is linked on this page, so affected organizations should confirm fix status with Gallagher. The issue matters because access control systems hold personal data on staff, contractors and visitors; exposing it can breach privacy obligations such as GDPR and raises insider threat risk.
Potential Impact
For European organizations, exposure of personal data through this vulnerability raises GDPR compliance issues, since the regulation requires that access to personal data be limited to what each role needs. Cardholder data viewed by an operator outside their permitted scope is a confidentiality breach that may be notifiable, with the associated loss of trust and regulatory penalties. Organizations that rely on Command Centre to control physical access to sensitive sites, such as government buildings, critical infrastructure, healthcare and financial institutions, face elevated insider threat risk, and personal data obtained this way could support social engineering or targeted attacks. The vulnerability does not affect system integrity or availability, so doors and alarms keep behaving as configured; the damage is reputational and legal. Auditing and monitoring privileged operator activity will also add operational overhead. The absence of known exploits lowers the immediate risk but does not remove it, particularly from malicious insiders or compromised operator accounts.
Mitigation Recommendations
Review the privileges granted to operator groups in Gallagher Command Centre Server and remove any cardholder data visibility an operator does not need for their role, so that least privilege is enforced rather than assumed. Scope each operator to the divisions they are responsible for, and keep the set of operators who can view cardholder personal details as small as possible until a fixed version is in place. Enable detailed audit logging of operator activity, monitor it continuously for operators opening cardholder records outside their usual scope, and review the logs regularly, investigating anomalies promptly. Separate duties so that no single operator needs broad cardholder visibility. Contact Gallagher to confirm which release resolves this issue and apply it as soon as it is available; this page does not currently link a patch. Enforce multi-factor authentication on operator accounts to limit the impact of credential compromise, train staff on data privacy and insider threat awareness, and update incident response plans to cover insider exposure of cardholder data.
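A worked illustration of the monitoring recommendation above, added here as an example and not part of this advisory or of Gallagher's software: it replays audit events against a per-operator division scope table and flags operators who viewed cardholder records outside their scope. The log line format, field names, operator names, divisions and the scope table are all constructed assumptions for the demonstration; Command Centre's real audit export will look different, so only the parser needs adapting.

```python
"""Audit operator access to cardholder records against the scope each
operator is supposed to have.

Added example, not Gallagher's code. The log format and field names below
are constructed for illustration and are NOT Command Centre's real audit
format; adapt parse_events() to whatever export your server produces.
"""
import json
from collections import defaultdict

# Constructed sample: one JSON object per line, as an export might look.
# Hypothetical field names: ts, operator, action, cardholder_id, division.
SAMPLE_LOG = """\
{"ts": "2025-10-23T08:01:10Z", "operator": "reception1", "action": "cardholder_view", "cardholder_id": "CH-1001", "division": "HQ/Lobby"}
{"ts": "2025-10-23T08:02:31Z", "operator": "reception1", "action": "cardholder_view", "cardholder_id": "CH-2044", "division": "Datacentre"}
{"ts": "2025-10-23T08:02:40Z", "operator": "reception1", "action": "cardholder_view", "cardholder_id": "CH-2045", "division": "Datacentre"}
{"ts": "2025-10-23T08:03:05Z", "operator": "reception1", "action": "cardholder_view", "cardholder_id": "CH-2046", "division": "Datacentre"}
{"ts": "2025-10-23T08:10:00Z", "operator": "secops2", "action": "cardholder_view", "cardholder_id": "CH-2044", "division": "Datacentre"}
{"ts": "2025-10-23T08:11:00Z", "operator": "secops2", "action": "door_open", "cardholder_id": null, "division": "Datacentre"}
{"ts": "2025-10-23T08:12:00Z", "operator": "ghost", "action": "cardholder_view", "cardholder_id": "CH-1001", "division": "HQ/Lobby"}
"""

# Hypothetical scope table: the divisions in which each operator may view
# cardholder personal data. Build this from your operator group and
# division assignments, never from the log itself.
OPERATOR_SCOPE = {
    "reception1": {"HQ/Lobby"},
    "secops2": {"HQ/Lobby", "Datacentre"},
}

# Actions that reveal cardholder personal data (hypothetical names).
PII_ACTIONS = {"cardholder_view", "cardholder_export"}


def parse_events(text):
    """Parse newline-delimited JSON; skip blank or malformed lines rather
    than aborting the whole audit on one bad record."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def out_of_scope_views(events, scope):
    """Return the events in which an operator viewed cardholder PII in a
    division outside their scope. An operator missing from the scope table
    gets an empty scope, so every PII access by them is flagged (fail closed)."""
    findings = []
    for ev in events:
        if ev.get("action") not in PII_ACTIONS:
            continue
        allowed = scope.get(ev.get("operator"), set())
        if ev.get("division") not in allowed:
            findings.append(ev)
    return findings


def summarize(findings, threshold=3):
    """Count out-of-scope views per operator and return those at or above
    the threshold: one stray view may be a misconfiguration, a burst of
    them looks like someone enumerating records they should not see."""
    counts = defaultdict(int)
    for ev in findings:
        counts[ev["operator"]] += 1
    return {op: n for op, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    hits = out_of_scope_views(evs, OPERATOR_SCOPE)
    for h in hits:
        print(f"{h['ts']} {h['operator']} viewed {h['cardholder_id']} "
              f"in {h['division']} (out of scope)")
    print("escalate:", summarize(hits))
```

Run against the constructed sample, the three Datacentre views by reception1 and the single view by the unknown operator ghost are flagged, secops2 is within scope, and only reception1 crosses the escalation threshold. The scope table is deliberately separate from the log so that a vulnerability like this one, where the server itself shows more than it should, is caught by comparing what an operator did against what they were supposed to be able to do.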
Affected Countries
United Kingdom, Germany, Netherlands, France, Sweden, Norway, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Gallagher
- Date Reserved: 2025-06-17T02:18:59.266Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68f9a9e6102015466a330ff4
Added to database: 10/23/2025, 4:07:02 AM
Last enriched: 10/30/2025, 4:41:18 AM
Last updated: 12/6/2025, 3:52:06 AM
Views: 171