CVE-2025-44003

Severity: Medium CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Components affected: T-Series Readers

Version of Command Centre affected: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in  vEL9.00.3371 (MR7)),  all versions of 8.90 and prior.

Reported by: Gallagher Internal

Active exploitation of vulnerability*: No

Description of vulnerability: 

 Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.

Mitigation: Disabling 125 kHz Card Technology prevents exploitation of this vulnerability. 

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.