Home

Description

Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),  all versions of 9.00 and prior.

PUBLISHED Reserved 2025-11-11 | Published 2025-11-18 | Updated 2025-11-19 | Assigner Gallagher




LOW: 2.4CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-772 Missing Release of Resource after Effective Lifetime

Product status

Default status
unaffected

Any version
affected

9.30 (custom) before vCR9.30.251028a
affected

9.20 (custom) before vCR9.20.251028a
affected

9.10 (custom) before vCR9.10.251028a
affected

References

security.gallagher.com/...Security-Advisories/CVE-2025-64734

cve.org (CVE-2025-64734)

nvd.nist.gov (CVE-2025-64734)

Download JSON