Client-Side Security Bypass in Command Centre Server by Gallagher
CVE-2025-41402

5.5MEDIUM

Key Information:

Vendor: Gallagher
Status: Command Centre Server
Vendor: CVE Published:; 23 October 2025

What is CVE-2025-41402?

A client-side enforcement of server-side security vulnerability in Gallagher's Command Centre Server permits a privileged operator to bypass expiration checks by submitting invalid competency data. This undermines data integrity and poses potential risks to system security, affecting various versions of the software.

Affected Version(s)

Command Centre Server 0 <= 9.00

Command Centre Server 9.30 < 9.30.2482 (MR2)

Command Centre Server 9.20 < 9.20.2819 (MR4)

References

https://security.gallagher.com/en-NZ/Security-Advisories/...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Jun 17, 2025

JSON