CVE-2025-47699 Overview
CVE-2025-47699 is a critical information exposure vulnerability (CWE-497) in the Gallagher Command Centre Server's Morpho integration component. This flaw allows an authenticated operator with limited site permissions to gain unauthorized access to sensitive system information and subsequently make critical changes to local Morpho biometric devices.
The vulnerability stems from improper access control within the Morpho integration module, where sensitive system information is exposed to users who should not have access based on their assigned site permissions. This creates a significant authorization bypass scenario that could compromise the integrity of physical access control systems.
Critical Impact
Authenticated operators with limited permissions can escalate their privileges to make critical configuration changes to Morpho biometric devices, potentially compromising physical security infrastructure.
Affected Products
- Gallagher Command Centre Server 9.30 prior to vEL9.30.2482 (MR2)
- Gallagher Command Centre Server 9.20 prior to vEL9.20.2819 (MR4)
- Gallagher Command Centre Server 9.10 prior to vEL9.10.3672 (MR7)
- Gallagher Command Centre Server 9.00 prior to vEL9.00.3831 (MR8)
- Gallagher Command Centre Server 8.90 and all prior versions
Discovery Timeline
- 2025-10-23 - CVE-2025-47699 published to NVD
- 2025-10-27 - Last updated in NVD database
Technical Details for CVE-2025-47699
Vulnerability Analysis
This vulnerability represents a critical authorization bypass in the Gallagher Command Centre Server's Morpho integration. The flaw allows authenticated operators to exceed their assigned site-level permissions when interacting with Morpho biometric devices. The network-accessible nature of the vulnerability, combined with its low attack complexity and the ability to affect resources beyond the vulnerable component's security scope, makes this a severe security concern for organizations using Gallagher's physical access control systems.
The vulnerability affects the confidentiality, integrity, and availability of the system, as attackers can access sensitive information and make unauthorized modifications to critical security infrastructure.
Root Cause
The root cause is an exposure of sensitive system information to an unauthorized control sphere (CWE-497). The Morpho integration component fails to properly validate whether an authenticated operator's site-level permissions should grant them access to specific Morpho device configuration data and controls. This improper access control allows operators with limited site permissions to access and modify resources they should not have authority over.
Attack Vector
The attack requires network access to the Command Centre Server and valid authentication credentials, though only with limited site permissions. The attacker can exploit the vulnerability without user interaction. The exploitation path involves:
- An attacker authenticates to Command Centre Server with a low-privilege operator account
- The attacker accesses the Morpho integration interface
- Due to improper permission validation, the attacker gains access to sensitive system information about Morpho devices
- The attacker leverages this information to make critical configuration changes to local Morpho biometric devices
- These changes could disable biometric authentication, add unauthorized credentials, or disrupt physical access control
The vulnerability mechanism involves improper validation of operator permissions within the Morpho integration module. When an authenticated user interacts with Morpho device management functions, the system fails to properly enforce site-level permission boundaries, exposing sensitive device information and configuration capabilities. For complete technical details, refer to the Gallagher Security Advisory.
Detection Methods for CVE-2025-47699
Indicators of Compromise
- Unexpected configuration changes to Morpho biometric devices by operators with limited site permissions
- Audit log entries showing access to Morpho device settings from operator accounts that should not have such privileges
- Anomalous patterns of Morpho device queries or modifications from authenticated sessions
- Unusual access patterns to physical access control system configurations
Detection Strategies
- Review Command Centre Server audit logs for operator actions that exceed their assigned site permissions
- Monitor for configuration changes to Morpho devices that do not correlate with authorized change requests
- Implement alerting on access to Morpho integration functions by operators without explicit Morpho management permissions
- Cross-reference operator activity logs with their assigned permission levels to identify potential exploitation attempts
Monitoring Recommendations
- Enable comprehensive audit logging for all Morpho integration activities in Command Centre Server
- Implement real-time alerting for critical configuration changes to biometric devices
- Regularly review operator permission assignments and compare against actual system access patterns
- Deploy network monitoring to track unusual traffic patterns to Command Centre Server endpoints
How to Mitigate CVE-2025-47699
Immediate Actions Required
- Upgrade Gallagher Command Centre Server to the patched versions: vEL9.30.2482 (MR2), vEL9.20.2819 (MR4), vEL9.10.3672 (MR7), or vEL9.00.3831 (MR8)
- Audit current operator permissions and restrict Morpho integration access to only those who require it
- Review audit logs for any suspicious Morpho device configuration changes by low-privilege operators
- Consider temporarily disabling Morpho integration functionality until patches can be applied if exploitation is suspected
Patch Information
Gallagher has released security updates addressing this vulnerability across multiple Command Centre Server versions. Organizations should upgrade to the following minimum versions:
| Version Branch | Patched Version |
|---|---|
| 9.30 | vEL9.30.2482 (MR2) |
| 9.20 | vEL9.20.2819 (MR4) |
| 9.10 | vEL9.10.3672 (MR7) |
| 9.00 | vEL9.00.3831 (MR8) |
Organizations running version 8.90 or earlier must upgrade to a supported version branch as no patches are available for these legacy releases. For detailed patch information, consult the Gallagher Security Advisory.
Workarounds
- Restrict network access to Command Centre Server to trusted management networks only
- Implement strict operator permission reviews and apply the principle of least privilege
- Monitor and alert on all Morpho integration activities until patches are deployed
- Consider disabling the Morpho integration module if not actively required in your environment
# Example: Review operator permissions in Command Centre
# Audit all operators with any Morpho-related permissions
# Consult Gallagher documentation for proper permission auditing procedures
# Recommended: Implement network segmentation for Command Centre Server
# Restrict access to trusted management VLANs and monitor all access attempts
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
