CVE-2025-44003: CWE-772 Missing Release of Resource after Effective Lifetime in Gallagher T-Series Readers
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692 (MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior.
AI Analysis
Technical Summary
CVE-2025-44003 is a medium-severity vulnerability identified in Gallagher T-Series Readers, specifically affecting versions prior to vCR9.20.250213a, vCR9.10.250213a, and vCR9.00.250619a, as well as all versions of 8.90 and earlier. The vulnerability is classified under CWE-772, which pertains to the missing release of a resource after its effective lifetime. In this context, the resource in question is related to the 125 kHz card technology functionality within the reader. The flaw allows an attacker with physical access to the reader to trigger a limited denial of service (DoS) condition. This occurs because the reader fails to release resources after their intended use, so that repeated use exhausts them or leaves the reader in a lock-up state that degrades its availability. The attack vector requires physical proximity or access; remote exploitation is not indicated. No authentication or user interaction is necessary beyond physical access. The CVSS v3.1 score is 4.3, reflecting an attack vector rated adjacent network, low complexity, no privileges required, no user interaction, and impact limited to availability only. There are no known exploits in the wild, and no official patches have been linked yet. This vulnerability could disrupt access control systems relying on these readers, potentially causing operational interruptions in facilities using Gallagher T-Series Readers with 125 kHz card technology enabled.
Potential Impact
For European organizations, the impact of CVE-2025-44003 primarily concerns physical security and operational continuity. Gallagher T-Series Readers are commonly deployed in physical access control systems across various sectors including corporate offices, government buildings, healthcare facilities, and critical infrastructure sites. A successful exploitation could cause temporary denial of service of the reader, preventing legitimate access and potentially causing workflow disruptions or security lapses. While the vulnerability does not compromise confidentiality or integrity, the availability impact could delay entry or exit, affecting security personnel response times and operational efficiency. Facilities with high reliance on 125 kHz card technology are more vulnerable, especially where physical access to readers is less controlled. In environments with strict regulatory compliance requirements (e.g., GDPR, NIS Directive), any disruption to security controls could have compliance implications. However, since exploitation requires physical access, the threat is somewhat mitigated by existing physical security measures.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately assess the versions of Gallagher T-Series Readers deployed and identify those running affected firmware versions.
2) Implement strict physical security controls around reader hardware to prevent unauthorized physical access, including surveillance, tamper detection, and secure mounting.
3) Disable or phase out the use of 125 kHz card technology where possible, migrating to more secure authentication methods such as higher frequency RFID or smart cards.
4) Monitor reader behavior for signs of resource exhaustion or denial of service conditions and establish incident response procedures for physical access control failures.
5) Engage with Gallagher for firmware updates or patches addressing this vulnerability and plan timely deployment once available.
6) Conduct regular security audits and penetration tests focusing on physical access points to identify and remediate potential exploitation vectors.
7) Train security personnel to recognize and respond to physical tampering attempts targeting access control readers.
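To support step 1, the following is an added example (not Gallagher's code and not part of the advisory) that checks a reader inventory against the fixed firmware versions quoted above and flags readers that also have 125 kHz card technology enabled. The version-string layout it parses (vCR&lt;major&gt;.&lt;minor&gt;.&lt;YYMMDD&gt;&lt;letter&gt;) and the rule that a later build date means a later build are assumptions; the inventory data is constructed.

```python
"""Inventory triage for CVE-2025-44003 (Gallagher T-Series Reader firmware).

Assumption (not stated in the advisory): a reader firmware version string has
the form vCR<major>.<minor>.<YYMMDD><letter>, e.g. 'vCR9.20.250213a', and
within one major.minor train a later build date (then letter) is a later build.
"""
import re
from dataclasses import dataclass

# Fixed builds per 9.x release train, taken from the advisory text.
FIXED_BUILDS = {
    (9, 20): "vCR9.20.250213a",
    (9, 10): "vCR9.10.250213a",
    (9, 0): "vCR9.00.250619a",
}

_VER_RE = re.compile(r"^vCR(\d+)\.(\d+)\.(\d{6})([a-z]?)$")


@dataclass(frozen=True, order=True)
class ReaderVersion:
    major: int
    minor: int
    build: str    # YYMMDD kept as text: lexical order equals date order
    suffix: str   # trailing letter, '' if absent


def parse_version(text: str) -> ReaderVersion:
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised reader firmware version: {text!r}")
    major, minor, build, suffix = m.groups()
    return ReaderVersion(int(major), int(minor), build, suffix)


def is_affected(version: str) -> bool:
    """True when the firmware falls in the affected range of CVE-2025-44003."""
    v = parse_version(version)
    if (v.major, v.minor) < (9, 0):
        return True            # "all versions of 8.90 and prior"
    fixed = FIXED_BUILDS.get((v.major, v.minor))
    if fixed is None:
        return False           # train not listed as affected by the advisory
    return v < parse_version(fixed)


def triage(inventory: dict, lf_enabled: dict) -> list:
    """Readers needing action: affected firmware AND 125 kHz technology on."""
    return sorted(name for name, ver in inventory.items()
                  if is_affected(ver) and lf_enabled.get(name, False))
```

Readers on affected firmware with 125 kHz disabled are not listed by `triage`, but still belong in the firmware update plan of step 5.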
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Gallagher
- Date Reserved: 2025-06-17T02:18:59.237Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 686f307ba83201eaaca4840b
Added to database: 7/10/2025, 3:16:11 AM
Last enriched: 7/10/2025, 3:32:54 AM
Last updated: 8/8/2025, 9:10:13 AM