| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Gallagher T-Series Readers. The affected code is unknown. Manipulation leads to a missing release of a resource. The vulnerability is uniquely identified as CVE-2025-44003. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.
Details
A vulnerability classified as problematic has been found in Gallagher T-Series Readers. The affected part is unknown. Manipulation with an unknown input leads to a missing release of a resource. The CWE classification is CWE-772: the product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed. The impact is on availability. The CVE summary reads:
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior.
The advisory is shared at security.gallagher.com. The vulnerability has been identified as CVE-2025-44003 since 06/17/2025. Exploitation is known to be easy. The attack must be carried out within the local network. No form of authentication is needed for successful exploitation. Neither technical details nor an exploit are publicly available.
Upgrading to version CR9.00.250619a, CR9.10.250213a or CR9.20.250213a eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-20885). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
CVSSv3
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
CNA Base Score: 4.3
Exploiting
Class: Release of resource
CWE: CWE-772 / CWE-400 / CWE-404
Physical: No
Local: No
Remote: Partially
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: T-Series Readers CR9.00.250619a/CR9.10.250213a/CR9.20.250213a
Timeline
06/17/2025 CVE reserved
07/10/2025 Advisory disclosed
07/10/2025 VulDB entry created
07/10/2025 VulDB entry last update
Sources
Advisory: security.gallagher.com
Status: Confirmed
CVE: CVE-2025-44003
GCVE (CVE): GCVE-0-2025-44003
GCVE (VulDB): GCVE-100-315857
Entry
Created: 07/10/2025 07:42
Updated: 07/10/2025 14:59
Changes: 07/10/2025 07:42 (61), 07/10/2025 10:36 (1), 07/10/2025 14:59 (1)