CVE-2025-47699
📋 TL;DR
This vulnerability in Gallagher Command Centre Server allows authenticated operators with limited site permissions to make unauthorized critical changes to local Morpho devices. It affects multiple versions of Command Centre Server, potentially enabling privilege escalation and unauthorized device modifications.
💻 Affected Systems
- Gallagher Command Centre Server
⚠️ Manual Verification Required
This CVE does not have affected-version ranges in our database, so automatic vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no affected-version ranges were provided by the vendor/NVD). The patched builds listed under Official Fix below are the only version data on this page, so compare your installed build against the one for your release branch.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated operator could reconfigure or disable critical Morpho security devices, potentially compromising physical security controls and allowing unauthorized access to secured areas.
Likely Case
Limited operators could modify Morpho device settings beyond their intended permissions, potentially disrupting normal operations or creating security gaps.
If Mitigated
With proper access controls and monitoring, impact would be limited to authorized changes within operator permissions.
🎯 Exploit Status
Exploitation requires an authenticated Command Centre operator account; an account holding only limited site permissions is sufficient, and no elevated privileges are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: vEL9.30.2482 (MR2), vEL9.20.2819 (MR4), vEL9.10.3672 (MR7), vEL9.00.3831 (MR8)
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47699
Restart Required: Yes
Instructions:
1. Download the patch version appropriate to your Command Centre Server release branch.
2. Apply the patch following Gallagher's update procedures.
3. Restart Command Centre Server services.
🔧 Temporary Workarounds
Restrict Operator Permissions
Temporarily reduce operator permissions to the minimum required for their role
Enhanced Monitoring
Implement additional logging and monitoring for Morpho device configuration changes
🧯 If You Can't Patch
- Implement strict access controls and review all operator permissions
- Enable detailed audit logging for all Morpho device configuration changes
🔍 How to Verify
Check if Vulnerable:
Compare the installed Command Centre Server build with the patched builds listed under Official Fix; a build on the same release branch (9.30, 9.20, 9.10 or 9.00) but below the listed number is vulnerable.
Check Version:
Read the version from the Command Centre Server administration interface or the server configuration files.
Verify Fix Applied:
Confirm the Command Centre Server build is at or above the patched build for its release branch (for example vEL9.20.2819 or later on the 9.20 branch).
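The branch-by-branch comparison above is easy to get wrong by hand when several servers are in scope, so here is an added example (not from the original page or from Gallagher) that encodes the patched builds from the Official Fix section and classifies a version string as fixed, vulnerable or unknown. The version-string format `vEL<major>.<minor>.<build>` is inferred from the versions listed on this page; any branch not listed there is reported as unknown rather than guessed.

```python
import re

# Patched builds per Command Centre release branch, taken from the Official Fix
# section of this advisory (MR2 / MR4 / MR7 / MR8). A build at or above the
# listed number on the same branch carries the fix.
PATCHED_BUILDS = {
    (9, 30): 2482,   # vEL9.30.2482 (MR2)
    (9, 20): 2819,   # vEL9.20.2819 (MR4)
    (9, 10): 3672,   # vEL9.10.3672 (MR7)
    (9, 0): 3831,    # vEL9.00.3831 (MR8)
}

# Assumed format, inferred from the versions on this page: optional 'v', then
# 'EL', then major.minor.build. Adjust if your installation reports differently.
_VERSION_RE = re.compile(r"^v?EL(\d+)\.(\d+)\.(\d+)$")


def parse_version(version):
    """Parse a Command Centre version such as 'vEL9.20.2819' into
    (major, minor, build). Raises ValueError on unexpected input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Command Centre version: {version!r}")
    major, minor, build = (int(x) for x in m.groups())
    return (major, minor, build)


def assess(version):
    """Return 'fixed', 'vulnerable' or 'unknown' for one version string.
    'unknown' means the release branch is not covered by the advisory list
    above; check the vendor advisory for that branch rather than assuming."""
    major, minor, build = parse_version(version)
    patched = PATCHED_BUILDS.get((major, minor))
    if patched is None:
        return "unknown"
    return "fixed" if build >= patched else "vulnerable"


def assess_inventory(inventory):
    """Classify a {hostname: version} inventory, returning {hostname: status}.
    Unparseable versions are reported as 'unknown' instead of aborting the run."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = assess(version)
        except ValueError:
            report[host] = "unknown"
    return report


if __name__ == "__main__":
    # Constructed inventory for demonstration; replace with your own server list.
    sample = {
        "cc-prod-1": "vEL9.30.2482",
        "cc-prod-2": "vEL9.20.2700",
        "cc-dr-1": "vEL9.00.3831",
        "cc-lab-1": "vEL8.90.1234",
    }
    for host, status in assess_inventory(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

Run it against the output of whatever you use to inventory server versions; anything reported as vulnerable needs the patch for its branch, and anything unknown needs a manual check against the vendor advisory.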
📡 Detection & Monitoring
Log Indicators:
- Unauthorized Morpho device configuration changes
- Operator actions exceeding their permission level
Network Indicators:
- Unusual configuration traffic to Morpho devices
SIEM Query:
Search operator audit events for Morpho device configuration changes (modify, disable, delete) and alert when the acting operator holds only limited site permissions or the affected device lies outside the sites that operator is permitted to administer.
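The query above is the idea; the following is an added example (not from the original page, and not Gallagher's audit format) of the same detection logic run over a constructed operator-audit export. The CSV columns, the action labels and the operator-to-site scope table are all assumptions made for this example. It flags critical actions on Morpho devices where the device's site is outside the operator's permitted scope, which is the pattern this CVE would produce, and it also flags operators missing from the scope table so that gaps in the table are not silently treated as authorised.

```python
import csv
import io

# Constructed sample export (not Gallagher's real audit format): one row per
# operator audit event. The column names are assumptions for this example.
SAMPLE_AUDIT_CSV = """\
timestamp,operator,item_type,item_name,item_site,action
2025-06-02T08:14:03Z,alice,Morpho Device,HQ-Lobby-Reader,HQ,Modify configuration
2025-06-02T08:15:41Z,bob,Morpho Device,HQ-Lobby-Reader,HQ,Modify configuration
2025-06-02T08:16:02Z,bob,Door,Warehouse-Dock-1,Warehouse,Modify configuration
2025-06-02T08:20:19Z,carol,Morpho Device,Warehouse-Gate-Reader,Warehouse,Disable
2025-06-02T08:22:50Z,alice,Morpho Device,HQ-Lobby-Reader,HQ,View
2025-06-02T08:31:07Z,dave,Morpho Device,HQ-Lobby-Reader,HQ,Modify configuration
"""

# Assumed operator scope: the sites each operator is permitted to administer.
# In a real deployment pull this from the Command Centre operator configuration
# rather than hard-coding it here.
OPERATOR_SITES = {
    "alice": {"HQ", "Warehouse"},   # full administrator
    "bob": {"Warehouse"},           # limited site permissions
    "carol": {"Warehouse"},         # limited site permissions
}

# Actions treated as critical changes to a Morpho device (assumed labels).
CRITICAL_ACTIONS = {"Modify configuration", "Disable", "Delete"}


def find_out_of_scope_changes(csv_text, operator_sites):
    """Return the audit rows in which an operator made a critical change to a
    Morpho device at a site outside their permitted scope, each with an added
    'reason' field. Non-Morpho items and read-only actions are ignored."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["item_type"] != "Morpho Device":
            continue
        if row["action"] not in CRITICAL_ACTIONS:
            continue
        allowed = operator_sites.get(row["operator"])
        if allowed is None:
            # Unknown operator: treat as suspicious rather than authorised.
            reason = "operator not in scope table"
        elif row["item_site"] not in allowed:
            reason = f"site {row['item_site']} outside operator scope"
        else:
            continue
        flagged.append({**row, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in find_out_of_scope_changes(SAMPLE_AUDIT_CSV, OPERATOR_SITES):
        print(f"{hit['timestamp']} {hit['operator']} {hit['action']!r} on "
              f"{hit['item_name']} ({hit['item_site']}): {hit['reason']}")
```

Feed it a real audit export with the column names mapped to your format and a scope table generated from the operator configuration; the two hits on the sample data (bob changing an HQ device from a Warehouse-only account, and an operator absent from the scope table) are exactly the events to escalate while the server is unpatched.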