CVE-2026-25193
Affected Version Matrix 15
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gallagher | Active Directory Sync | < 9.10.05 | affected |
| Gallagher | Cardholder Sync Utility | < 9.30.104 | affected |
| Gallagher | Command Centre Server | 9.40< 9.40.2575 (MR2) | affected |
| Gallagher | Diagnostics Service | < 2.0.9 | affected |
| Gallagher | Elevator Service | < 10.0.8 | affected |
| Gallagher | Encoding Kiosk Application | < 9.60.10 | affected |
| Gallagher | Entra ID Sync | 1.0< 1.0.10 | affected |
2.0< 2.0.5 | affected | ||
| Gallagher | Event Logger | < 8.90.16 | affected |
| Gallagher | Event Sync Utility | < 8.70.62 | affected |
| Gallagher | Middleware Framework | < 8.90.34 | affected |
| Gallagher | Nexudus Integration | < 9.60.21 | affected |
| Gallagher | Okta Sync | < 9.40.05 | affected |
| Gallagher | Papercut Interface Integration | < 9.60.02 | affected |
| Gallagher | SIP Integration | < 10.1.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-25193
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过日志文件的信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gallagher | Command Centre Server | 9.40 ~ 9.40.2575 (MR2) | - | |
| Gallagher | Active Directory Sync | 0 ~ 9.10.05 | - | |
| Gallagher | Cardholder Sync Utility | 0 ~ 9.30.104 | - | |
| Gallagher | Diagnostics Service | 0 ~ 2.0.9 | - | |
| Gallagher | Elevator Service | 0 ~ 10.0.8 | - | |
| Gallagher | Encoding Kiosk Application | 0 ~ 9.60.10 | - | |
| Gallagher | Entra ID Sync | 1.0 ~ 1.0.10 | - | |
| Gallagher | Event Sync Utility | 0 ~ 8.70.62 | - | |
| Gallagher | Event Logger | 0 ~ 8.90.16 | - | |
| Gallagher | Middleware Framework | 0 ~ 8.90.34 | - | |
| Gallagher | Nexudus Integration | 0 ~ 9.60.21 | - | |
| Gallagher | Okta Sync | 0 ~ 9.40.05 | - | |
| Gallagher | Papercut Interface Integration | 0 ~ 9.60.02 | - | |
| Gallagher | SIP Integration | 0 ~ 10.1.0 | - |
II. Public POCs for CVE-2026-25193
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-25193
请登录查看更多情报信息。
Other References for CVE-2026-25193 (1)
IV. Related Vulnerabilities
V. Comments for CVE-2026-25193
No comments yet