CVE-2025-52457_CVE-2025-52457

5.7 / 10

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security.

This issue affects Command Centre Server:

9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

Basic Information

ID CVE-2025-52457

Source Gallagher

Published Nov 18, 2025 at 03:25

Affected Product

Vendor Gallagher

Product HBUS Devices

Affected Versions Gallagher HBUS Devices 0
Gallagher HBUS Devices 9.30
Gallagher HBUS Devices 9.20
Gallagher HBUS Devices 9.10

CWE Classification

CWE-208

References

security.gallagher.com /en-NZ/Security-Advisories/CVE-2025-52457

{
    "lastseen": "",
    "description": "Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. \n\nThis issue affects Command Centre Server:\n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u00a0all versions of 9.00 and prior.",
    "published": "2025-11-18T03:25:57.696Z",
    "modified": "2025-11-18T03:25:57.696Z",
    "type": "cve",
    "title": "CVE-2025-52457",
    "source": "Gallagher",
    "references": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52457",
    "id": "CVE-2025-52457",
    "bulletinFamily": "",
    "cwe": [
        "CWE-208"
    ],
    "cvelist": null,
    "sourceData": "Gallagher HBUS Devices 0\nGallagher HBUS Devices 9.30\nGallagher HBUS Devices 9.20\nGallagher HBUS Devices 9.10",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HBUS Devices",
    "version": "0",
    "vendor": "Gallagher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}