CVE-2025-52578: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in Gallagher High Sec End of Line Module
Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE-335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access to compromise internal device communications. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.
AI Analysis
Technical Summary
CVE-2025-52578 identifies a vulnerability in the Gallagher High Sec End of Line Module stemming from improper seeding of its pseudo-random number generator (PRNG), classified under CWE-335. PRNGs are critical for cryptographic operations, and incorrect seeding can lead to predictable outputs, undermining the security of encrypted communications. This vulnerability specifically affects the Command Centre Server software versions prior to vCR9.30.251028a, vCR9.20.251028a, and vCR9.10.251028a, as well as all versions 9.00 and earlier. The flaw allows a sophisticated attacker with physical access to the device to potentially compromise internal communications, enabling interception or manipulation of data exchanged between components. The attack vector requires physical access, making remote exploitation infeasible, and the attack complexity is high due to the need for detailed knowledge and access. The vulnerability impacts confidentiality and integrity of communications but does not affect availability. Although no exploits are currently known in the wild, the risk remains significant for environments where physical security is limited. The issue highlights the importance of proper cryptographic implementation and seed management in embedded security modules. Gallagher has reserved the CVE and is expected to release patches addressing the PRNG seeding issue in upcoming software updates. Organizations using affected versions should prepare to apply these patches promptly and enforce strict physical security controls to mitigate risk.
Potential Impact
The vulnerability primarily threatens the confidentiality and integrity of internal communications within Gallagher’s High Sec End of Line Module. For European organizations, especially those in critical infrastructure sectors such as utilities, transportation, and government facilities that rely on Gallagher’s security systems, this could lead to unauthorized interception or manipulation of sensitive data. Compromise of device communications may allow attackers to bypass security controls, potentially facilitating further attacks or unauthorized access. Since exploitation requires physical access, environments with less stringent physical security controls are at higher risk. The medium CVSS score reflects the moderate likelihood and impact, but the potential consequences in high-security environments could be severe. Disruption or compromise of security infrastructure could undermine trust in physical security systems and lead to regulatory and compliance issues under frameworks like GDPR and the NIS Directive. The lack of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop techniques over time.
Mitigation Recommendations
1. Apply Gallagher’s official patches immediately once released for the affected Command Centre Server versions to correct the PRNG seeding issue.
2. Enhance physical security controls around devices running the High Sec End of Line Module to prevent unauthorized physical access, including surveillance, access logging, and secure enclosures.
3. Conduct regular audits of device configurations and communications to detect anomalies indicative of tampering or interception.
4. Implement network segmentation to isolate critical security infrastructure and limit the impact of any compromised device.
5. Train security personnel on the risks associated with physical access attacks and the importance of monitoring for suspicious activity.
6. Maintain an inventory of all Gallagher devices and their software versions to ensure timely patch management.
7. Collaborate with Gallagher support for guidance on interim mitigations if patches are delayed.
8. Review and update incident response plans to include scenarios involving physical compromise of security modules.
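As a worked version of the inventory recommendation, the following added example (not Gallagher's code and not part of the original advisory) classifies recorded Command Centre Server versions against the fixed builds quoted in the description. It assumes the inventory stores versions as major.minor.build strings; the host names and sample builds are constructed.

```python
import re

# First fixed Command Centre build per branch, as quoted in the CVE description.
FIXED_BUILDS = {
    (9, 30): 2881,  # MR3, distributes vCR9.30.251028a
    (9, 20): 3265,  # MR5, distributes vCR9.20.251028a
    (9, 10): 4135,  # MR8, distributes vCR9.10.251028a
}
OLDEST_FIXED_BRANCH = min(FIXED_BUILDS)  # (9, 10)

# Assumption: inventory records versions as "major.minor.build".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION_RE.match(version)
    if m is None:
        return "unparseable"  # e.g. a vCR firmware string; check by hand
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in FIXED_BUILDS:
        return "affected" if build < FIXED_BUILDS[branch] else "fixed"
    if branch < OLDEST_FIXED_BRANCH:
        return "affected"  # 9.00 and prior: all versions, no fixed build given
    return "not-listed"  # branch the description does not mention


def triage(inventory):
    """Group host names by classification, preserving inventory order."""
    groups = {"affected": [], "fixed": [], "not-listed": [], "unparseable": []}
    for host, version in inventory:
        groups[classify(version)].append(host)
    return groups


# Constructed sample inventory (host names and builds are illustrative).
SAMPLE_INVENTORY = [
    ("cc-site-a", "9.30.2881"),
    ("cc-site-b", "9.30.2750"),
    ("cc-site-c", "9.20.3265"),
    ("cc-site-d", "9.10.4001"),
    ("cc-site-e", "9.00.1990"),
    ("cc-site-f", "vCR9.30.251028a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12} {', '.join(hosts) or '-'}")
```

Hosts reported as unparseable or not-listed need a manual check against the vendor advisory rather than being treated as safe.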
Affected Countries
United Kingdom, Germany, France, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gallagher
- Date Reserved: 2025-11-11T04:00:46.463Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 691bed9bd4c3ef3c7a62852e
Added to database: 11/18/2025, 3:52:59 AM
Last enriched: 11/25/2025, 4:42:50 AM
Last updated: 1/7/2026, 5:23:44 AM