VYPR
Unrated severity · NVD Advisory · Published May 25, 2026

CVE-2026-25193

Description

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.

Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2026-25193 is a credential-in-log-file weakness in the installers of several Gallagher Command Centre Services: when a site installs with a custom Service Account rather than the default Network Service account, the installer log can end up holding that account's credentials.

Vulnerability

The vulnerability is an insertion of sensitive information into log files (CWE-532) in multiple Gallagher Command Centre Service installers. When a custom Service Account (not the default Network Service) is used during installation, the installer logs may contain the Service Account password. Affected components include Command Centre Server vEL9.40 (fixed in 9.40.2575 MR2), Active Directory Sync (fixed in 9.10.05), Cardholder Sync Utility (fixed in 9.30.104), Diagnostics Service (fixed in 2.0.9), Elevator Service (fixed in 10.0.8), Encoding Kiosk Application (fixed in 9.60.10), Entra ID Sync v1 (fixed in v1.0.10), Entra ID Sync v2 (fixed in 2.0.5), Event Sync Utility (fixed in 8.70.62), Gallagher Event Logger (fixed in 8.90.16), Middleware Framework (fixed in 8.90.34), Nexudus Integration (fixed in 9.60.21), Okta Sync (fixed in 9.40.05), Papercut Interface Integration (fixed in 9.60.02), and others [1].

Exploitation

An attacker with local, low-privileged access to the server (PR:L) needs no further authentication: the installer log files are ordinary files, typically located in %programdata%\Gallagher\Command Centre, and the only question is whether the attacker's account can read that directory. The CVSS user-interaction flag (UI:R) does not mean the attacker must be helped to open the file; it refers to an action by someone other than the attacker, here an administrator installing or upgrading a Command Centre Service with a custom Service Account, which is what causes the credentials to be written to the log in the first place. If the default Network Service account was used, no credentials are logged and there is nothing to read [1].

Impact

Successful exploitation discloses the Service Account credentials; the vector rates the direct confidentiality loss as low (C:L) because the log reveals that one secret rather than site data. The more serious consequences follow from reusing the account: integrity and availability are rated high (I:H, A:H) because an attacker holding the Service Account can reconfigure or stop Command Centre services and act with whatever rights that account carries. The scope is changed (S:C) because a custom Service Account may be a domain account whose privileges extend beyond the host on which the log was read [1].

Mitigation

Gallagher has released fixed versions for all affected components as listed in the advisory [1]. Sites that installed with a custom Service Account should first rotate that account's password, since any copy of the log already taken (for example in a backup) still holds the old credential and deleting the file alone does not revoke it; then delete the installer log files under %programdata%\Gallagher\Command Centre, and upgrade to the fixed installer versions so that future installs and upgrades do not write credentials to the log. Sites using the default Network Service account are not affected and need no action [1].
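As an added example, not code from the VYPR page or from Gallagher, the following PowerShell script carries out the triage the mitigation describes on a Command Centre host: it lists Gallagher services that run under a custom (non-default) Service Account, scans the installer log directory for lines that look like they record credentials, and, with the -Delete switch, removes those logs. The log root, the *.log/*.txt file filter and the $pattern regex are assumptions, because the advisory does not publish the installer's log format; the set of default service accounts is the standard Windows built-in set.

```powershell
# Added example, not Gallagher tooling. Assumptions: installer logs are plain-text
# *.log / *.txt files under %ProgramData%\Gallagher\Command Centre, and credential
# lines contain a "password"/"account" style key followed by ':' or '='.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogRoot = (Join-Path $env:ProgramData 'Gallagher\Command Centre'),
    [switch]$Delete
)

# 1. Which Gallagher services run under a custom Service Account?
#    Per the advisory, only those sites are potentially impacted.
$defaultAccounts = @(
    'NT AUTHORITY\NetworkService', 'NT AUTHORITY\NETWORK SERVICE',
    'NT AUTHORITY\LocalService',   'NT AUTHORITY\LOCAL SERVICE',
    'LocalSystem'
)
$custom = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like '*Gallagher*' -or $_.PathName -like '*Gallagher*' } |
    Where-Object { $defaultAccounts -notcontains $_.StartName } |
    Select-Object Name, DisplayName, StartName

if ($custom) {
    Write-Output 'Gallagher services running under a custom Service Account (potentially impacted):'
    $custom | Format-Table -AutoSize
} else {
    Write-Output 'No Gallagher services run under a custom account; the mitigating factor applies.'
}

# 2. Find installer logs and flag lines that look like they carry credentials.
#    $pattern is an assumption about how an installer might log account details.
$pattern = '(?i)(password|pwd|servicepassword|serviceaccount|account)\s*[:=]'
$logs = Get-ChildItem -Path $LogRoot -Recurse -File -Include *.log, *.txt -ErrorAction SilentlyContinue
foreach ($log in $logs) {
    $hits = Select-String -Path $log.FullName -Pattern $pattern
    if ($hits) {
        Write-Warning ("{0}: {1} line(s) match the credential pattern" -f $log.FullName, $hits.Count)
        # Report line numbers only, so the secret is not echoed into a console transcript.
        $hits | ForEach-Object { "  line {0}" -f $_.LineNumber }
    }
}

# 3. Remove the installer logs. Rotate the Service Account password BEFORE running
#    this: deleting the file does not revoke a credential that was already read.
if ($Delete) {
    foreach ($log in $logs) {
        if ($PSCmdlet.ShouldProcess($log.FullName, 'Remove installer log')) {
            Remove-Item -LiteralPath $log.FullName -Force
        }
    }
}
```

Run it first without -Delete to see which services and files are involved, then with -Delete -WhatIf to preview the removals, and only then with -Delete. The password rotation itself happens outside this script: change the account's password in Active Directory (or locally), then update the logon credential stored on each affected service, for example with sc.exe config <ServiceName> password= "<new>", and restart the service.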

References
  1. CVE-2026-25193

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
