CVE-2025-52578

Summary

Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications.

This issue affects Command Centre Server:

9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherHigh Sec End of Line Module0 <= 9.00affected
GallagherHigh Sec End of Line Module9.30 < vCR9.30.251028aaffected
GallagherHigh Sec End of Line Module9.20 < vCR9.20.251028aaffected
GallagherHigh Sec End of Line Module9.10 < vCR9.10.251028aaffected

Weaknesses

  • CWE-335: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References