CVE-2025-52457

Summary

Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security.

This issue affects Command Centre Server:

9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherHBUS Devices0 <= 9.00affected
GallagherHBUS Devices9.30 < vCR9.30.251028aaffected
GallagherHBUS Devices9.20 < vCR9.20.251028aaffected
GallagherHBUS Devices9.10 < vCR9.10.251028aaffected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References