CVE-2026-25193 HIGH

CVE-2026-25193

Vendor Gallagher
Product Command Centre Server
Weakness CWE-532 · Sensitive info in logs
Published May 25, 2026
Last update May 26, 2026

CVSS base score

8.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

What the vulnerability does

01Description

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.

Key dates

02Disclosure timeline

May 25, 2026 CVE published
May 26, 2026 Record updated