CVE-2025-47699

Summary

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices.

This issue affects Command Centre Server:

9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Server0 <= 8.90affected
GallagherCommand Centre Server9.30 < 9.30.2482 (MR2)affected
GallagherCommand Centre Server9.20 < 9.20.2819 (MR4)affected
GallagherCommand Centre Server9.10 < 9.10.3672 (MR7affected
GallagherCommand Centre Server9.00 < 9.00.3831 (MR8)affected

Weaknesses

  • CWE-497: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References