Refine your search
1 vulnerability found for T-Series Readers by Gallagher
CVE-2025-44003 (GCVE-0-2025-44003)
Vulnerability from cvelistv5
Published
2025-07-10 03:09
Modified
2025-07-10 13:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Summary
Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.
This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Gallagher | T-Series Readers |
Version: 0 < Version: 9.20 < vCR9.20.250213a Version: 9.10 < vCR9.10.250213a Version: 9.00 < vCR9.00.250619a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-44003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T13:11:06.416095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T13:11:13.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "T-Series Readers",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "8.90",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vCR9.20.250213a",
"status": "affected",
"version": "9.20",
"versionType": "custom"
},
{
"lessThan": "vCR9.10.250213a",
"status": "affected",
"version": "9.10",
"versionType": "custom"
},
{
"lessThan": "vCR9.00.250619a",
"status": "affected",
"version": "9.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMissing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.\u003c/span\u003e\n\n\u003cp\u003eThis issue affects T-Series Readers: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in \u0026nbsp;vEL9.00.3371 (MR7)), \u0026nbsp;all versions of 8.90 and prior. \u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled.\n\nThis issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in \u00a0vEL9.00.3371 (MR7)), \u00a0all versions of 8.90 and prior."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T03:09:43.640Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-44003"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2025-44003",
"datePublished": "2025-07-10T03:09:43.640Z",
"dateReserved": "2025-06-17T02:18:59.237Z",
"dateUpdated": "2025-07-10T13:11:13.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}