CVE-2025-44003

Summary

Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.

This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in  vEL9.00.3371 (MR7)),  all versions of 8.90 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherT-Series Readers0 <= 8.90affected
GallagherT-Series Readers9.20 < vCR9.20.250213aaffected
GallagherT-Series Readers9.10 < vCR9.10.250213aaffected
GallagherT-Series Readers9.00 < vCR9.00.250619aaffected

Weaknesses

  • CWE-772: CWE-772 Missing Release of Resource after Effective Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References