CVE-2025-48428: CWE-312 Cleartext Storage of Sensitive Information in Gallagher Command Centre Server
Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use, allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
AI Analysis
Technical Summary
CVE-2025-48428 is a vulnerability classified under CWE-312, which pertains to the cleartext storage of sensitive information. Specifically, in the Gallagher Command Centre Server, versions 8.90 and prior, as well as versions 9.00, 9.10, and 9.20 before their respective patch releases, the Gallagher Morpho integration stores a signing key in cleartext. This signing key is critical for authenticating devices within the physical security ecosystem managed by the Command Centre Server. An authenticated user with access to the server can export this signing key while it is in use. Possession of this key allows the attacker to deploy compromised or counterfeit devices that the system would trust, effectively bypassing physical security controls. The vulnerability requires the attacker to have high privileges on the server (authenticated with high rights), but no further user interaction is needed. The CVSS v3.1 score of 6.7 reflects a medium severity with high impact on confidentiality, integrity, and availability, but limited by the requirement for local access and high privileges. No public exploits have been reported yet, but the risk remains significant due to the potential for physical security compromise. Gallagher has not provided patch links in the data, but affected versions are clearly identified, indicating that patches or mitigations are expected or available in newer releases.
Potential Impact
For European organizations, the impact of this vulnerability is substantial, particularly for those relying on Gallagher Command Centre Server for physical access control and security management. Unauthorized export of the signing key can lead to the deployment of counterfeit or compromised devices that can bypass security controls, potentially allowing unauthorized physical access to sensitive facilities such as government buildings, critical infrastructure, data centers, and corporate headquarters. This can result in data breaches, theft, sabotage, or espionage. The integrity of the physical security system is compromised, and availability may be affected if counterfeit devices disrupt normal operations. Since the vulnerability requires authenticated access with high privileges, insider threats or attackers who have already gained elevated access pose the greatest risk. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially in targeted attacks. European organizations must consider this vulnerability in their risk assessments and incident response planning, as physical security breaches can have cascading effects on cybersecurity and operational continuity.
Mitigation Recommendations
1. Immediate upgrade to the latest patched versions of Gallagher Command Centre Server as soon as they become available, ensuring that versions prior to vEL9.20.2819, vEL9.10.3672, and vEL9.00.3831 are replaced.
2. Restrict and monitor administrative access to the Command Centre Server to minimize the risk of an attacker gaining the required high privileges. Implement strict role-based access controls and enforce the principle of least privilege.
3. Conduct regular audits of user accounts and access logs to detect any unauthorized or suspicious activities related to key export or device deployment.
4. Employ network segmentation to isolate the Command Centre Server from less secure network zones, reducing the attack surface.
5. Use multi-factor authentication (MFA) for all administrative access to the Command Centre Server to mitigate risks from compromised credentials.
6. Monitor for anomalous device registrations or deployments within the physical security system that could indicate misuse of the signing key.
7. Engage with Gallagher support or security advisories to obtain official patches or workarounds and apply them promptly.
8. Train security personnel on the risks associated with this vulnerability and the importance of safeguarding administrative credentials and access.
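Recommendations 3 and 6 above both come down to watching the server's audit trail for two things: any export of the integration signing key, and device registrations that do not fit the normal enrolment baseline (especially ones that follow an export). The script below is an added illustration of that detection logic; it is not Gallagher code and the JSON-lines log format, field names, operator names and the 24-hour correlation window are all constructed assumptions for the example, so it would need to be mapped onto the real Command Centre audit export before use.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit records in a hypothetical JSON-lines format.
# This is NOT Gallagher's real log schema; the field names are assumptions.
SAMPLE_AUDIT_LOG = """\
{"ts": "2025-10-20T08:01:10Z", "actor": "alice", "event": "login", "detail": {}}
{"ts": "2025-10-20T08:05:42Z", "actor": "alice", "event": "key_export", "detail": {"key": "integration_signing_key"}}
{"ts": "2025-10-20T08:41:00Z", "actor": "alice", "event": "device_register", "detail": {"device": "reader-9f3", "site": "HQ"}}
{"ts": "2025-10-21T09:00:00Z", "actor": "bob", "event": "device_register", "detail": {"device": "reader-104", "site": "HQ"}}
{"ts": "2025-10-21T10:15:00Z", "actor": "carol", "event": "device_register", "detail": {"device": "reader-105", "site": "DC1"}}
"""

# Baseline of operators expected to enrol devices (assumed for the example).
APPROVED_ENROLLERS = {"bob"}
# How long after a key export a new device registration is treated as suspicious (assumed).
EXPORT_WINDOW = timedelta(hours=24)


def parse_log(text):
    """Parse JSON-lines audit text into dicts, converting ts to datetime, oldest first."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return sorted(records, key=lambda r: r["ts"])


def analyze(records, approved=APPROVED_ENROLLERS, window=EXPORT_WINDOW):
    """Return findings for signing-key exports and anomalous device registrations."""
    findings = []
    exports = []  # every key_export seen so far, oldest first
    for rec in records:
        if rec["event"] == "key_export":
            # Any export of the signing key is reportable on its own (recommendation 3).
            findings.append({
                "severity": "high",
                "event": "key_export",
                "actor": rec["actor"],
                "ts": rec["ts"],
                "reasons": ["signing key exported: " + rec["detail"].get("key", "?")],
            })
            exports.append(rec)
        elif rec["event"] == "device_register":
            reasons = []
            if rec["actor"] not in approved:
                reasons.append("actor not in approved enroller baseline")
            # A registration shortly after an export may be a device trusted via the
            # leaked key (recommendation 6); correlate against all earlier exports.
            recent = [e for e in exports if timedelta(0) <= rec["ts"] - e["ts"] <= window]
            for e in recent:
                reasons.append(f"registered {rec['ts'] - e['ts']} after key export by {e['actor']}")
            if reasons:
                findings.append({
                    "severity": "high" if recent else "medium",
                    "event": "device_register",
                    "actor": rec["actor"],
                    "ts": rec["ts"],
                    "device": rec["detail"].get("device"),
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in analyze(parse_log(SAMPLE_AUDIT_LOG)):
        print(f["severity"].upper(), f["ts"].isoformat(), f["actor"], f["event"],
              "; ".join(f["reasons"]))
```

On the constructed sample this reports the export itself, the registration that follows it within the window (rated high), and the registration by an operator outside the baseline (rated medium), while the baseline operator's registration a day later produces nothing. The export event is worth alerting on unconditionally: the advisory's point is that the key should not be exportable at all, so any such record on an unpatched server is a direct indicator of the condition the fix removes.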
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Switzerland, Norway, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Gallagher
- Date Reserved: 2025-06-17T02:18:59.261Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 68f9a9e6102015466a330ffd
Added to database: 10/23/2025, 4:07:02 AM
Last enriched: 10/30/2025, 4:35:36 AM
Last updated: 12/6/2025, 8:52:02 AM