CVE-2025-41402
📋 TL;DR
Gallagher Command Centre Server enforces the competency expiry check only in the client (the pattern CWE-602, client-side enforcement of server-side security, describes), so an operator who already holds the privilege to enter competency data can submit values the client would have rejected and bypass the expiry check. Affected: 9.30 prior to vEL9.30.2482, 9.20 prior to vEL9.20.2819, 9.10 prior to vEL9.10.3672, and all versions 9.00 and earlier.
💻 Affected Systems
- Gallagher Command Centre Server
⚠️ Manual Verification Required
Automated version matching may not flag this CVE because the NVD entry carries no CPE version ranges. The affected builds are nonetheless known from the vendor advisory (listed above and under Fix & Mitigation), so confirm your server's build number manually:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A privileged operator records competency data that the server accepts even though the client-side expiry check would have rejected it, so access governed by that competency persists beyond the authorized period. In a physical security management platform such as Command Centre that can mean entry to controlled areas that should have been denied, or competency records that no longer reflect reality.
Likely Case
A privileged operator bypasses the competency expiry check to keep an entitlement alive that policy says should have lapsed. This is an insider or compromised-operator scenario; the bypass requires an authenticated operator with the relevant privilege.
If Mitigated
With least-privilege operator roles and regular audit review of competency changes, the impact is limited to policy violations that can be detected and corrected.
🎯 Exploit Status
Requires authenticated privileged operator credentials and knowledge of the flaw. Because the expiry check runs only in the client, an operator who submits competency data outside the normal client path (or through a modified client) can have the server accept data that fails the expiry check. Unauthenticated users are not affected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vEL9.30.2482 (MR2) for 9.30, vEL9.20.2819 (MR4) for 9.20, vEL9.10.3672 (MR7) for 9.10
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-41402
Restart Required: No
Instructions:
1. Identify your Command Centre Server version (see How to Verify below).
2. Download the maintenance release (MR) for your branch from the Gallagher support portal.
3. Apply it according to Gallagher's documentation.
4. Verify the installed build meets or exceeds the fixed build for your branch.
🔧 Temporary Workarounds
Enhanced Monitoring and Auditing
Implement strict monitoring of changes to competency data and of operator access logs so that attempted or successful bypasses of the expiry check are detected.
Privilege Reduction
Review and reduce the set of operators holding the privilege needed to enter competency data; only those operators can exploit this issue.
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all operator accounts
- Enable detailed auditing of all competency data modifications and access attempts
🔍 How to Verify
Check if Vulnerable:
Check the Command Centre Server version against the affected versions list. If running 9.30 prior to vEL9.30.2482, 9.20 prior to vEL9.20.2819, 9.10 prior to vEL9.10.3672, or any build of 9.00 or earlier, you are vulnerable.
Check Version:
Check version through Command Centre Server administration interface or Gallagher management tools
Verify Fix Applied:
Verify Command Centre Server version shows patched version: vEL9.30.2482 or higher for 9.30, vEL9.20.2819 or higher for 9.20, vEL9.10.3672 or higher for 9.10.
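The branch-by-branch comparison above is easy to get wrong by hand when several servers are in scope. The following added example (not Gallagher's code or tooling) encodes the fixed builds from the advisory and classifies a version string. It assumes version strings look like "vEL9.30.2482" or "9.30.2482"; how your inventory tool formats them is an assumption you should check.

```python
import re

# Minimum fixed build per affected branch, taken from the Gallagher advisory
# for CVE-2025-41402. Branches 9.00 and earlier have no fixed build.
FIXED_BUILDS = {
    (9, 30): 2482,  # vEL9.30.2482 (MR2)
    (9, 20): 2819,  # vEL9.20.2819 (MR4)
    (9, 10): 3672,  # vEL9.10.3672 (MR7)
}

# ASSUMED format: optional "v", optional "EL", then major.minor.build
VERSION_RE = re.compile(r"^v?(?:EL)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse 'vEL9.30.2470' or '9.30.2470' into (major, minor, build)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Command Centre version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(text):
    """Classify a Command Centre Server version for CVE-2025-41402.

    Returns True if the build is inside an affected range, False if it is at or
    after the fixed build for its branch, and None if the branch is newer than
    any the advisory covers (treat None as 'check the advisory', not 'safe').
    """
    major, minor, build = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_BUILDS:
        return build < FIXED_BUILDS[branch]
    if branch <= (9, 0):
        return True  # 9.00 and earlier: every build affected, no fix available
    return None  # branch not covered by the advisory


def classify_inventory(versions):
    """Map each host's version string to a verdict for reporting."""
    labels = {True: "VULNERABLE", False: "fixed", None: "not covered by advisory"}
    return {host: labels[is_vulnerable(v)] for host, v in versions.items()}


if __name__ == "__main__":
    # Constructed sample inventory for illustration.
    sample = {"cc-prod-1": "vEL9.30.2470", "cc-prod-2": "vEL9.30.2482",
              "cc-site-b": "9.10.3601", "cc-legacy": "vEL9.00.1200"}
    for host, verdict in classify_inventory(sample).items():
        print(f"{host}: {verdict}")
```

A build equal to the fixed build is not vulnerable; only builds strictly below it are. Versions newer than 9.30 fall outside the advisory's stated ranges, so the function deliberately refuses to call them fixed.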
📡 Detection & Monitoring
Log Indicators:
- Unusual competency data modifications
- Operator access outside of authorized timeframes
- Multiple competency data entry attempts
Network Indicators:
- Unusual patterns of administrative access to Command Centre Server
SIEM Query:
Correlate competency-modification events with subsequent access events for the same cardholder or operator that fall outside normal hours or past the competency's expected expiry date; competency records whose expiry was already in the past when entered are the most direct artefact of a bypassed check.
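The indicators listed above are stated in prose; the following added example (not Gallagher's code, and not their audit format) shows the same logic run over constructed audit events. The event schema (fields time, type, operator, cardholder, competency, expiry, door) and the business-hours window are assumptions for illustration; map them onto the fields your SIEM actually ingests from Command Centre. The core assumption is that a bypassed expiry check leaves competency records whose expiry is already in the past at entry time, which a server-side check would have refused.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an ASSUMED simplified audit schema.
SAMPLE_EVENTS = [
    {"time": "2025-06-02T09:15:00", "type": "CompetencyModified", "operator": "op.alice",
     "cardholder": "c1001", "competency": "Forklift", "expiry": "2026-01-01T00:00:00"},
    {"time": "2025-06-02T23:40:00", "type": "CompetencyModified", "operator": "op.bob",
     "cardholder": "c2002", "competency": "Induction", "expiry": "2025-05-01T00:00:00"},
    {"time": "2025-06-02T23:41:00", "type": "CompetencyModified", "operator": "op.bob",
     "cardholder": "c2002", "competency": "Induction", "expiry": "2025-05-15T00:00:00"},
    {"time": "2025-06-02T23:42:00", "type": "CompetencyModified", "operator": "op.bob",
     "cardholder": "c2002", "competency": "Induction", "expiry": "2025-06-01T00:00:00"},
    {"time": "2025-06-03T07:05:00", "type": "AccessGranted",
     "cardholder": "c2002", "door": "Warehouse 2"},
]

BUSINESS_HOURS = (7, 19)          # assumed: competency edits expected 07:00-19:00
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 3               # assumed: 3+ edits in the window is unusual


def parse(ts):
    return datetime.fromisoformat(ts)


def find_expired_on_entry(events):
    """Competency records whose expiry was already past when they were entered.
    A working server-side check would reject these, so they are the most direct
    indicator that the client-side expiry check was bypassed."""
    return [e for e in events if e["type"] == "CompetencyModified"
            and parse(e["expiry"]) <= parse(e["time"])]


def find_out_of_hours(events):
    """Competency modifications outside the assumed business-hours window."""
    start, end = BUSINESS_HOURS
    return [e for e in events if e["type"] == "CompetencyModified"
            and not (start <= parse(e["time"]).hour < end)]


def find_bursts(events):
    """Operators making BURST_THRESHOLD or more competency edits within BURST_WINDOW
    (the 'multiple competency data entry attempts' indicator)."""
    by_op = defaultdict(list)
    for e in events:
        if e["type"] == "CompetencyModified":
            by_op[e["operator"]].append(parse(e["time"]))
    flagged = []
    for op, times in sorted(by_op.items()):
        times.sort()
        for i in range(len(times) - BURST_THRESHOLD + 1):
            if times[i + BURST_THRESHOLD - 1] - times[i] <= BURST_WINDOW:
                flagged.append(op)
                break
    return flagged


def find_access_after_lapsed_competency(events):
    """AccessGranted events for cardholders who hold a competency record that was
    entered already expired: access the expiry check should have prevented."""
    lapsed = {e["cardholder"] for e in find_expired_on_entry(events)}
    return [e for e in events if e["type"] == "AccessGranted" and e["cardholder"] in lapsed]


if __name__ == "__main__":
    for e in find_expired_on_entry(SAMPLE_EVENTS):
        print("expired-on-entry:", e["operator"], e["cardholder"], e["competency"], e["expiry"])
    print("out-of-hours edits:", len(find_out_of_hours(SAMPLE_EVENTS)))
    print("burst operators:", find_bursts(SAMPLE_EVENTS))
    for e in find_access_after_lapsed_competency(SAMPLE_EVENTS):
        print("access after lapsed competency:", e["cardholder"], e["door"])
```

Each function corresponds to one indicator from the list above, so they can be tuned or dropped independently; the expired-on-entry check is the one with the lowest false-positive rate, because there is no legitimate reason for a newly entered competency to already be expired.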