
CVE-2025-48428: CWE-312 Cleartext Storage of Sensitive Information in Gallagher Command Centre Server

Severity: Medium
Published: Thu Oct 23 2025 (10/23/2025, 03:39:07 UTC)
Source: CVE Database V5
Vendor/Project: Gallagher
Product: Command Centre Server

Description

Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
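
The affected ranges in the description can be turned into an inventory check. This is an added example, not Gallagher's code or part of the original page. It assumes version strings follow the `vEL<major>.<minor>.<build>` pattern shown above; the host names and build numbers in the sample inventory are constructed.

```python
import re

# Fixed build per branch, taken from the advisory text above.
FIXED_BUILD = {(9, 20): 2819, (9, 10): 3672, (9, 0): 3831}
# "all versions of 8.90 and prior" have no fixed build listed.
LAST_UNFIXED_BRANCH = (8, 90)

# Assumed format: optional "vEL" prefix, then major.minor.build.
_VERSION = re.compile(r"^\s*(?:vEL)?(\d+)\.(\d+)\.(\d+)\s*$", re.IGNORECASE)


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version)
    if not m:
        return "unparseable"          # needs manual review, never assume safe
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch <= LAST_UNFIXED_BRANCH:
        return "affected"             # no patched build exists on these branches
    fixed = FIXED_BUILD.get(branch)
    if fixed is None:
        return "not-listed"           # branch is not covered by this advisory
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Group host names by classification so unpatched servers stand out."""
    groups = {"affected": [], "fixed": [], "not-listed": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        groups[classify(version)].append(host)
    return groups


# Constructed sample inventory (host names and builds are illustrative only).
SAMPLE_INVENTORY = {
    "cc-site-a": "vEL9.20.2801",
    "cc-site-b": "vEL9.20.2819",
    "cc-site-c": "vEL9.10.3672",
    "cc-site-d": "vEL8.90.1620",
    "cc-site-e": "vEL9.30.1100",
    "cc-site-f": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as `unparseable` or `not-listed` should be checked by hand against the vendor advisory rather than treated as patched.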

AI-Powered Analysis

Last updated: 10/23/2025, 04:08:54 UTC

Technical Analysis

CVE-2025-48428 is a vulnerability categorized under CWE-312 (Cleartext Storage of Sensitive Information) found in the Gallagher Command Centre Server, specifically affecting the Gallagher Morpho integration. The issue arises because sensitive signing keys used to authenticate devices are stored in cleartext and can be exported by any authenticated user with access to the Command Centre Server. This flaw allows an attacker with legitimate credentials to extract these keys and subsequently deploy compromised or counterfeit devices within the physical security environment managed by the Command Centre Server. The vulnerability affects versions 8.90 and prior, as well as versions 9.00, 9.10, and 9.20 prior to their respective patch releases (vEL9.00.3831 MR8, vEL9.10.3672 MR7, vEL9.20.2819 MR4). The CVSS v3.1 base score is 6.7, reflecting a medium severity level, with attack vector local (AV:L), low attack complexity (AC:L), requiring high privileges (PR:H), no user interaction (UI:N), and impacting confidentiality, integrity, and availability (C:H/I:H/A:H). This means exploitation requires authenticated access but no further user action, and successful exploitation can lead to significant compromise of the physical security system’s trust model. No public exploits are known at this time, but the vulnerability poses a risk to organizations relying on Gallagher’s Command Centre for physical access control and device authentication. The ability to deploy counterfeit devices undermines the integrity of the security infrastructure and could facilitate unauthorized physical access or sabotage.

Potential Impact

For European organizations, this vulnerability poses a significant risk to physical security systems that rely on Gallagher Command Centre Server, particularly in sectors such as critical infrastructure, government, transportation, and large enterprises. The ability to export signing keys and deploy counterfeit devices could lead to unauthorized physical access, data breaches, sabotage, or espionage. This undermines the trustworthiness of access control systems and could have cascading effects on operational continuity and safety. Given the medium CVSS score and the requirement for authenticated access, insider threats or compromised credentials are the most likely exploitation vectors. The impact on confidentiality, integrity, and availability is high, as attackers can manipulate device authentication and potentially disable or bypass security controls. European organizations with stringent regulatory requirements for physical security and data protection may face compliance risks if this vulnerability is exploited.

Mitigation Recommendations

1. Apply Gallagher’s official patches and updates as soon as they become available for the affected Command Centre Server versions.
2. Restrict access to the Command Centre Server to only highly trusted and necessary personnel, implementing strict role-based access controls (RBAC) to limit who can export signing keys.
3. Monitor and audit all key export activities and access logs for unusual or unauthorized actions, using Security Information and Event Management (SIEM) tools where possible.
4. Implement multi-factor authentication (MFA) for all users accessing the Command Centre Server to reduce the risk of credential compromise.
5. Segregate the Command Centre Server network segment from general IT networks to reduce the attack surface.
6. Conduct regular security awareness training for personnel with access to the Command Centre Server to recognize and report suspicious activities.
7. Consider additional compensating controls such as hardware security modules (HSMs) for key storage if supported by the vendor.
8. Engage with Gallagher support for guidance on secure configuration and any interim mitigations prior to patch deployment.


Technical Details

Data Version: 5.1
Assigner Short Name: Gallagher
Date Reserved: 2025-06-17T02:18:59.261Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68f9a9e6102015466a330ffd

Added to database: 10/23/2025, 4:07:02 AM

Last enriched: 10/23/2025, 4:08:54 AM

Last updated: 10/23/2025, 7:06:14 AM
