CVE-2025-35981_CVE-2025-35981

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view.

This issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6).

Basic Information

ID CVE-2025-35981

Source Gallagher

Published Oct 23, 2025 at 03:37

Affected Product

Vendor Gallagher

Product Command Centre Server

Version 9.30.1874 (MR1)

Affected Versions Gallagher Command Centre Server 9.30.1874 (MR1)
Gallagher Command Centre Server 9.20.2337 (MR3)
Gallagher Command Centre Server 9.10.3194 (MR6)

CWE Classification

CWE-359

References

security.gallagher.com /en-NZ/Security-Advisories/CVE-2025-35981

{
    "lastseen": "",
    "description": "Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. \n\nThis issue affects Command Centre Server: 9.30.1874 (MR1), 9.20.2337 (MR3), 9.10.3194 (MR6).",
    "published": "2025-10-23T03:37:36.498Z",
    "modified": "2025-10-23T03:37:36.498Z",
    "type": "cve",
    "title": "CVE-2025-35981",
    "source": "Gallagher",
    "references": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-35981",
    "id": "CVE-2025-35981",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "Gallagher Command Centre Server 9.30.1874 (MR1)\nGallagher Command Centre Server 9.20.2337 (MR3)\nGallagher Command Centre Server 9.10.3194 (MR6)",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Command Centre Server",
    "version": "9.30.1874 (MR1)",
    "vendor": "Gallagher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}