Improper Certificate Validation in Gallagher Controller 7000
CVE-2025-35983

6.5 MEDIUM

Key Information:

Vendor: Gallagher

CVE Published: 10 July 2025

What is CVE-2025-35983?

The Gallagher Controller 7000 contains an improper certificate validation vulnerability that could allow an unprivileged attacker to carry out limited denial of service attacks or perform unauthorized overrides during initial configuration. The vulnerability affects Controller 7000 9.30 versions prior to vCR9.30.250624a. It does not pose a risk once the controllers are connected, so operations remain secure post-configuration. Timely updates are essential for safeguarding against exploitation and maintaining system integrity.

Affected Version(s)

Controller 7000 9.30

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
