Skip to main content

Diagnostics Service

1 CVEs product

Monthly

CVE-2026-25193 HIGH PATCH This Week

Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.

Information Disclosure Command Centre Server Active Directory Sync Cardholder Sync Utility Diagnostics Service +11
NVD
CVSS 3.1
8.1
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Credential exposure in Gallagher Command Centre Service installers writes Service Account credentials into installer log files under %programdata%\Gallagher\Command Centre, allowing a local low-privileged user who can read those logs to recover the configured Service Account password. The flaw (CWE-532) affects a broad set of Gallagher Command Centre components including Command Centre Server, Active Directory Sync, Entra ID Sync, Elevator Service, Middleware Framework and others, but only when the operator deviated from the default Network Service account during install. There is no public exploit identified at time of analysis and EPSS is 0.01%, but a successful read yields high-impact credential compromise of a privileged service identity.

Information Disclosure Command Centre Server Active Directory Sync +13
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy