CVE-2026-25193
| CVSS Score | 8.1 |
| EPSS Score | 0.0% |
| EPSS Percentile | 2nd |
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.

Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.

Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
| CWE | CWE-532 |
| Vendor | gallagher |
| Product | command centre server |
| Published | May 25, 2026 |
| Last Updated | May 26, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity | High |
| Availability | High |
Affected Versions
| Gallagher / Command Centre Server | 9.40 < 9.40.2575 (MR2) |
| Gallagher / Active Directory Sync | 0 < 9.10.05 |
| Gallagher / Cardholder Sync Utility | 0 < 9.30.104 |
| Gallagher / Diagnostics Service | 0 < 2.0.9 |
| Gallagher / Elevator Service | 0 < 10.0.8 |
| Gallagher / Encoding Kiosk Application | 0 < 9.60.10 |
| Gallagher / Entra ID Sync | 1.0 < 1.0.10; 2.0 < 2.0.5 |
| Gallagher / Event Sync Utility | 0 < 8.70.62 |
| Gallagher / Event Logger | 0 < 8.90.16 |
| Gallagher / Middleware Framework | 0 < 8.90.34 |
| Gallagher / Nexudus Integration | 0 < 9.60.21 |
| Gallagher / Okta Sync | 0 < 9.40.05 |
| Gallagher / Papercut Interface Integration | 0 < 9.60.02 |
| Gallagher / SIP Integration | 0 < 10.1.0 |