PatchSiren cyber security CVE debrief

CVE-2026-25193 Gallagher CVE debrief

CVE-2026-25193 is a HIGH severity vulnerability (CVSS 8.1) involving insertion of sensitive information into log files (CWE-532) in Gallagher Command Centre Service installers. The issue was published on 2026-05-25 and last modified on 2026-05-26. When administrators install Command Centre Services using a custom Service Account rather than the default Network Service account, the installer may write Service Account credentials to log files, potentially exposing them to local attackers with file system access. The vulnerability requires local access, low attack complexity, and low privileges, but has a significant impact on confidentiality, integrity, and availability when chained with other attack vectors. Gallagher has identified this issue and provided mitigation guidance. The scope of impact is limited to environments with custom Service Account configurations.

Vendor: Gallagher
Product: Command Centre Server
CVSS: HIGH (8.1)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-25
Original CVE updated: 2026-05-26
Advisory published: 2026-05-25
Advisory updated: 2026-05-26

Who should care

System administrators managing Gallagher Command Centre deployments, security teams responsible for credential management and privilege access, and organizations using custom Service Accounts for Command Centre Services should prioritize assessment and mitigation. This vulnerability is particularly relevant for enterprises with strict credential rotation policies and those subject to compliance requirements for privileged access management.

Technical summary

The vulnerability exists in the Command Centre Service installer where sensitive information (Service Account credentials) is written to log files during installation. This occurs specifically when administrators configure a custom Service Account instead of accepting the default Network Service account. The log files are typically created in %programdata%

Defensive priority

HIGH

Recommended defensive actions

  • Review Command Centre Service installations to identify any deployments using custom Service Accounts rather than the default Network Service account
  • For systems using custom Service Accounts, rotate the Service Account password immediately
  • Delete installer log files located in %programdata%\Gallagher\Command Centre on affected systems
  • Audit file system permissions on %programdata%\Gallagher directories to ensure least privilege access
  • Monitor for unauthorized access attempts to Service Account credentials or anomalous authentication patterns using these accounts
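The five actions above form one assessment procedure on the Command Centre host. The following PowerShell script is an added example for this debrief, not tooling from Gallagher or PatchSiren: it inventories services that appear to belong to Command Centre and reports which run under a custom account, lists candidate installer logs under the advisory's %programdata%\Gallagher\Command Centre path, flags ACL entries on that tree that grant read access to principals outside an expected set, and pulls recent non-service logons (Security event 4624) for the custom accounts. The service display-name pattern, the `*.log` file filter and the expected-readers list are assumptions; the script deletes nothing and only reports, so the rotation and cleanup steps remain a deliberate operator action.

```powershell
# Added example; not Gallagher's or PatchSiren's own tooling.
# Assumptions: Command Centre services are matched by display name; installer logs are
# '*.log' files under %ProgramData%\Gallagher\Command Centre (the path in the advisory).
# Run in an elevated PowerShell session on the Command Centre server. Nothing is deleted.

$LogRoot        = Join-Path $env:ProgramData 'Gallagher\Command Centre'
$DefaultAccount = 'NT AUTHORITY\NetworkService'
# Principals expected to read the log tree (assumption); anything else is flagged for review.
$ExpectedReaders = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                     'NT AUTHORITY\NetworkService', 'CREATOR OWNER')

function Get-CommandCentreServiceAccounts {
    # Step 1: services that look like Command Centre and the account each runs as.
    Get-CimInstance Win32_Service |
        Where-Object { $_.DisplayName -like '*Command Centre*' } |   # name pattern is an assumption
        ForEach-Object {
            # Local accounts appear as ".\name"; normalise so they match event log data.
            $runsAs = $_.StartName -replace '^\.\\', "$env:COMPUTERNAME\"
            [pscustomobject]@{
                Service       = $_.Name
                RunsAs        = $runsAs
                CustomAccount = ($runsAs -ne $DefaultAccount -and $runsAs -ne 'LocalSystem')
            }
        }
}

function Get-InstallerLogFiles {
    # Step 3: candidate installer logs to review, then delete once the password is rotated.
    if (-not (Test-Path $LogRoot)) { return @() }
    Get-ChildItem -Path $LogRoot -Recurse -File -Filter '*.log' -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

function Get-UnexpectedLogAccess {
    # Step 4: Allow ACEs on the log tree that grant ReadData to principals outside $ExpectedReaders.
    if (-not (Test-Path $LogRoot)) { return @() }
    $targets = @(Get-Item $LogRoot) +
               @(Get-ChildItem -Path $LogRoot -Recurse -Directory -ErrorAction SilentlyContinue)
    foreach ($dir in $targets) {
        $acl = Get-Acl -Path $dir.FullName
        foreach ($ace in $acl.Access) {
            $readBit    = [System.Security.AccessControl.FileSystemRights]::ReadData
            $grantsRead = (([int]$ace.FileSystemRights) -band ([int]$readBit)) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $grantsRead -and
                $ExpectedReaders -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    Path      = $dir.FullName
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

function Get-ServiceAccountLogons {
    # Step 5: logons by the custom service accounts in the last $Hours hours (Security 4624).
    # A service account normally produces only logon type 5 (service); anything else deserves a look.
    param([string[]]$Accounts, [int]$Hours = 24)
    if (-not $Accounts) { return @() }
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $user = "$($d.TargetDomainName)\$($d.TargetUserName)"
        if ($Accounts -contains $user -and $d.LogonType -ne '5') {
            [pscustomobject]@{ Time = $_.TimeCreated; Account = $user
                               LogonType = $d.LogonType; Source = $d.IpAddress }
        }
    }
}

$svc = Get-CommandCentreServiceAccounts
$svc | Format-Table -AutoSize
$customAccounts = $svc | Where-Object { $_.CustomAccount } |
                  Select-Object -ExpandProperty RunsAs -Unique
if ($customAccounts) {
    "Custom Service Account(s) in use: $($customAccounts -join ', ') -- rotate these passwords first."
    Get-InstallerLogFiles   | Format-Table -AutoSize
    Get-UnexpectedLogAccess | Format-Table -AutoSize
    Get-ServiceAccountLogons -Accounts $customAccounts | Format-Table -AutoSize
} else {
    "All matched Command Centre services run as a default account; CVE-2026-25193 exposure not indicated."
}
```

Rotate the password before deleting the logs, so that a copy taken earlier is worthless by the time the file is gone, and keep the ACL report: an inherited Allow entry for a broad group such as Users on the Command Centre tree is exactly the condition under which a low-privileged local user could have read the installer output.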

Evidence notes

The vulnerability description and mitigation guidance originate from Gallagher's security advisory as referenced in NVD. The CVSS 3.1 vector confirms a local attack vector with scope change. The stored vendor field reads 'Unknown Vendor' with low confidence and the needsReview flag set to true, though the evidence points to Gallagher as the affected vendor based on the reference domain candidate and the security advisory URL.

Official resources

Gallagher disclosed this vulnerability through their security advisory channel on 2026-05-25, with subsequent modification on 2026-05-26. The vendor has assigned this CVE identifier and published technical details including affected product