Home

Description

Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

PUBLISHED Reserved 2025-06-17 | Published 2025-11-18 | Updated 2025-11-19 | Assigner Gallagher




MEDIUM: 5.7CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-208 Observable Timing Discrepancy

Product status

Default status
unaffected

Any version
affected

9.30 (custom) before vCR9.30.251028a
affected

9.20 (custom) before vCR9.20.251028a
affected

9.10 (custom) before vCR9.10.251028a
affected

References

security.gallagher.com/...Security-Advisories/CVE-2025-52457

cve.org (CVE-2025-52457)

nvd.nist.gov (CVE-2025-52457)

Download JSON