CVE-2026-25193_CVE-2026-25193

8.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

Description

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. 
Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.

Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.

Basic Information

ID CVE-2026-25193

Source Gallagher

Published May 25, 2026 at 05:28

Affected Product

Vendor Gallagher

Product Command Centre Server

Version 9.40

Affected Versions Gallagher Command Centre Server 9.40
Gallagher Active Directory Sync 0
Gallagher Cardholder Sync Utility 0
Gallagher Diagnostics Service 0
Gallagher Elevator Service 0
Gallagher Encoding Kiosk Application 0
Gallagher Entra ID Sync 1.0
Gallagher Entra ID Sync 2.0
Gallagher Event Sync Utility 0
Gallagher Event Logger 0
Gallagher Middleware Framework 0
Gallagher Nexudus Integration 0
Gallagher Okta Sync 0
Gallagher Papercut Interface Integration 0
Gallagher SIP Integration 0

CWE Classification

CWE-532

References

security.gallagher.com /en-NZ/Security-Advisories/CVE-2026-25193

{
    "lastseen": "",
    "description": "Insertion of Sensitive Information into Log File (CWE-532)\u00a0in some Command Centre Service installers could lead to Service Account credentials exposure.\u202f\nMitigating Factor:\u00a0Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.\n\nMitigation:\u00a0For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\\Gallagher\\Command Centre.",
    "published": "2026-05-25T05:28:14.766Z",
    "modified": "2026-05-25T05:28:14.766Z",
    "type": "cve",
    "title": "CVE-2026-25193",
    "source": "Gallagher",
    "references": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-25193",
    "id": "CVE-2026-25193",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Gallagher Command Centre Server 9.40\nGallagher Active Directory Sync 0\nGallagher Cardholder Sync Utility 0\nGallagher Diagnostics Service 0\nGallagher Elevator Service 0\nGallagher Encoding Kiosk Application 0\nGallagher Entra ID Sync 1.0\nGallagher Entra ID Sync 2.0\nGallagher Event Sync Utility 0\nGallagher Event Logger 0\nGallagher Middleware Framework 0\nGallagher Nexudus Integration 0\nGallagher Okta Sync 0\nGallagher Papercut Interface Integration 0\nGallagher SIP Integration 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Command Centre Server",
    "version": "9.40",
    "vendor": "Gallagher",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}