CVE-2025-46406

Severity: Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L

Components affected: Command Centre Server

Version of Command Centre affected: 9.30 prior to 9.30.1874 (MR1), 9.20 prior to 9.20.2337 (MR3), 9.10 prior to 9.10.3194 (MR6), 9.00 prior to 9.00.3371 (MR7), all versions of 8.90 and prior.

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: A Privilege Context Switching Error (CWE-270) in the Command Centre Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary.

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.