CVE-2025-48428 in Command Centre Serverinfo

Summary

by MITRE • 10/23/2025

Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key while it is in use, allowing them to deploy a compromised or counterfeit device on that site. This issue affects Command Centre Server: 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.


Analysis

by VulDB Data Team • 10/26/2025

The vulnerability identified as CVE-2025-48428 represents a critical cleartext storage weakness in the Gallagher Morpho integration component of the Command Centre Server platform. This flaw falls under CWE-312, which specifically addresses the insecure storage of sensitive information in cleartext format. The vulnerability exists within the authentication and authorization framework of the system, where sensitive cryptographic material is stored in an unencrypted state, making it accessible to authenticated users with appropriate privileges. The affected versions span multiple release lines including 9.20, 9.10, 9.00, and 8.90, indicating a widespread issue that impacts the security posture of numerous installations. The specific sensitive information at risk includes a signing key that is actively in use within the system, creating a pathway for adversaries to compromise the integrity of the authentication infrastructure.

The operational impact of this vulnerability extends beyond simple data exposure to encompass full system compromise through device impersonation. An authenticated user with access to the Command Centre Server can exploit this weakness to export a signing key that is currently active within the system. This capability allows the attacker to deploy malicious or counterfeit devices that can successfully authenticate against the network, effectively bypassing the security controls designed to prevent unauthorized access. The implications are particularly severe for physical security systems where the integrity of authentication tokens and device verification is paramount. The attack vector leverages legitimate administrative access, making it difficult to detect through traditional monitoring mechanisms and potentially allowing for extended periods of undetected compromise.

The security implications of this vulnerability align with several ATT&CK techniques including T1552.001 (Unsecured Credentials) and T1078.004 (Valid Accounts - Cloud Accounts) where the cleartext storage enables adversaries to extract sensitive information that would normally be protected through proper encryption mechanisms. The affected versions indicate that this issue has persisted across multiple major releases, suggesting a fundamental flaw in the system's approach to cryptographic key management and storage. Organizations running these vulnerable versions face significant risk of unauthorized device deployment, which could lead to complete compromise of physical access control systems and potential data breaches. The vulnerability's persistence across different major versions also indicates that the root cause has not been properly addressed in the codebase, requiring immediate attention through patching or alternative mitigations.

Mitigation strategies should prioritize immediate patching of affected systems to the latest available versions that contain the necessary security fixes. Organizations must also implement additional monitoring for unauthorized key exports and for access to sensitive system components. Encryption of all sensitive data at rest, including cryptographic keys, should be enforced through configuration management and security policy. Network segmentation and privileged access controls should be strengthened to limit the scope of a potential compromise. Regular security assessments and penetration testing should be conducted to identify similar weaknesses in other components of the security infrastructure. The principle of least privilege should be enforced so that only authorized personnel can reach sensitive system functions, and all such access should be logged and monitored for anomalous behavior.
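The monitoring advice above (log every access to key material, alert on exports) can be turned into a concrete detection rule. The following is an added example written for this page; it is not Gallagher's or VulDB's code, and the audit-log format, field names, action names and the custodian allowlist are all assumptions constructed for illustration. It flags any export of a signing key that is still in use, and any export performed by an account outside the approved custodian list, then counts exports per account for the anomaly review the analysis recommends.

```python
"""Detection logic for signing-key export events in an audit trail.

Added example (not Gallagher's or VulDB's code): the log format, field
names, action names and the approved-custodian list are assumptions
constructed for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample audit lines in an assumed "key=value" format.
SAMPLE_AUDIT_LOG = """\
2025-10-24T08:55:10Z user=ops.admin action=LOGIN object=- status=-
2025-10-24T09:12:03Z user=ops.admin action=KEY_VIEW object=morpho_signing_key status=in_use
2025-10-24T09:12:41Z user=ops.admin action=KEY_EXPORT object=morpho_signing_key status=in_use
2025-10-24T10:02:17Z user=key.custodian action=KEY_EXPORT object=morpho_signing_key_v2 status=pending
2025-10-24T10:05:00Z user=contractor7 action=KEY_EXPORT object=morpho_signing_key_v2 status=pending
2025-10-24T10:05:30Z user=contractor7 action=KEY_EXPORT object=morpho_signing_key status=in_use
"""

# Assumed allowlist: the only accounts whose role includes key custody.
APPROVED_KEY_CUSTODIANS = {"key.custodian"}
# Assumed action name that denotes exporting key material.
SENSITIVE_ACTIONS = {"KEY_EXPORT"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"object=(?P<obj>\S+) status=(?P<status>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    obj: str
    reason: str


def parse_audit_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not guessed."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect_key_exports(text, approved=APPROVED_KEY_CUSTODIANS):
    """Return Alert records for key exports that violate the policy."""
    alerts = []
    for ev in parse_audit_log(text):
        if ev["action"] not in SENSITIVE_ACTIONS:
            continue
        # Rule 1: exporting a key that is currently in use is never routine.
        if ev["status"] == "in_use":
            alerts.append(Alert(ev["ts"], ev["user"], ev["obj"],
                                "export of in-use signing key"))
        # Rule 2: an export by an account outside the custodian allowlist.
        if ev["user"] not in approved:
            alerts.append(Alert(ev["ts"], ev["user"], ev["obj"],
                                "export by non-custodian account"))
    return alerts


def exports_per_user(text):
    """Count export events per account for the anomalous-behaviour review."""
    return Counter(ev["user"] for ev in parse_audit_log(text)
                   if ev["action"] in SENSITIVE_ACTIONS)


if __name__ == "__main__":
    for a in detect_key_exports(SAMPLE_AUDIT_LOG):
        print(f"{a.ts} {a.user} {a.obj}: {a.reason}")
    print(dict(exports_per_user(SAMPLE_AUDIT_LOG)))
```

On the constructed sample, the in-use export by ops.admin and both exports by contractor7 produce alerts, while the custodian's export of a pending key does not. Real deployments would replace the regex with the platform's actual audit schema and keep the allowlist in the same configuration-managed store as the rest of the privileged-access policy.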

Responsible: Gallagher

Reservation: 06/17/2025

Disclosure: 10/23/2025

Moderation: accepted

CPE: ready

EPSS: 0.00011

KEV: no

Activities: very low

Sources
