Command Centre Server CVE-2025-48430: Uncaught Exception Crashes < vEL9.30.2482
CVE-2025-48430 Published on October 23, 2025
Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Vulnerability Analysis
CVE-2025-48430 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Uncaught Exception
An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to crash or expose sensitive information.
Products Associated with CVE-2025-48430
Want to know whenever a new CVE is published for Gallagher Command Centre? stack.watch will email you.
Affected Versions
Gallagher Command Centre Server:- Before and including 8.90 is affected.
- Version 9.30 and below 9.30.2482 (MR2) is affected.
- Version 9.20 and below 9.20.2819 (MR4) is affected.
- Version 9.10 and below 9.10.3672 (MR7) is affected.
- Version 9.00 and below 9.00.3831 (MR8) is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.