Description

Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while in use, allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), and all versions of 8.90 and prior.

PUBLISHED Reserved 2025-06-17 | Published 2025-10-23 | Updated 2025-10-23 | Assigner Gallagher




MEDIUM: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status: unaffected

Any version: affected
9.20 (custom) before 9.20.2819 (MR4): affected
9.10 (custom) before 9.10.3672 (MR7): affected
9.00 (custom) before 9.00.3831 (MR8): affected

References

security.gallagher.com/...Security-Advisories/CVE-2025-48428

cve.org (CVE-2025-48428)

nvd.nist.gov (CVE-2025-48428)
