CVE-2025-52578

Severity: Medium + CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Components affected: High Sec End of Line Module

Version of Command Centre affected:

• 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)),
• 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)),
• 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), 
• all versions of 9.00 and prior.

Reported by: GGL Internal

Active exploitation of vulnerability*: None

Description of vulnerability: Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communication

Mitigating Factor: Only sites making use of High Sec ELMs are affected. Ensure that hardware is installed correctly, and follow all steps from the hardening guide.

*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.