Home

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.

PUBLISHED Reserved 2025-06-17 | Published 2025-10-23 | Updated 2025-10-23 | Assigner Gallagher




CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

Product status

Default status
unaffected

Any version
affected

9.30 (custom) before 9.30.2482 (MR2)
affected

9.20 (custom) before 9.20.2819 (MR4)
affected

9.10 (custom) before 9.10.3672 (MR7
affected

9.00 (custom) before 9.00.3831 (MR8)
affected

References

security.gallagher.com/...Security-Advisories/CVE-2025-47699

cve.org (CVE-2025-47699)

nvd.nist.gov (CVE-2025-47699)

Download JSON