CVE-2025-64734: Gallagher T21 Reader Vulnerable to Denial-of-Service

Overview

CVE-2025-64734 describes a “Missing Release of Resource after Effective Lifetime” vulnerability (CWE-772) affecting the Gallagher T21 Reader. This vulnerability allows an attacker with physical access to the reader to trigger a denial-of-service (DoS) condition, preventing legitimate cardholders from using the reader for entry. The impact is limited to the specific reader being attacked.

Technical Details

The vulnerability stems from the T21 Reader failing to release resources once their intended lifetime has ended. An attacker with physical access can exploit this by repeatedly triggering a specific function on the reader, leading to resource exhaustion. Eventually the reader becomes unresponsive and can no longer process card swipes, resulting in a denial of service. The specific mechanism that triggers the resource exhaustion is not publicly detailed, and investigating it would require physical access to the device.

This issue affects the following versions of Gallagher Command Centre Server:

  • 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3))
  • 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5))
  • 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8))
  • All versions of 9.00 and prior

CVSS Analysis

The vulnerability has a CVSS v3.1 score of 2.4 (LOW). The CVSS vector string is likely AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. This reflects the following:

  • Attack Vector (AV:P): Physical access is required.
  • Attack Complexity (AC:L): Low attack complexity.
  • Privileges Required (PR:N): No privileges are required.
  • User Interaction (UI:N): No user interaction is required.
  • Scope (S:U): Unchanged.
  • Confidentiality Impact (C:N): No impact to confidentiality.
  • Integrity Impact (I:N): No impact to integrity.
  • Availability Impact (A:L): Low impact to availability.

Due to the requirement for physical access and the relatively low impact (DoS on a single reader), the severity is considered low.

Possible Impact

The primary impact of this vulnerability is a temporary denial-of-service on the affected T21 Reader. This prevents authorized personnel from using their access cards to enter the secured area. While the impact is localized, it can still disrupt operations and potentially create security risks if alternative entry methods are not readily available or properly secured.

The fact that physical access is required limits the scale of a potential attack. However, a malicious insider or someone who can gain unauthorized physical access could exploit the vulnerability.

Mitigation and Patch Steps

Gallagher has released patches to address this vulnerability. It is highly recommended that users of affected Command Centre Server versions upgrade to the following versions (or later):

  • Command Centre Server 9.30.2881 (MR3) or later for users of the 9.30 branch.
  • Command Centre Server 9.20.3265 (MR5) or later for users of the 9.20 branch.
  • Command Centre Server 9.10.4135 (MR8) or later for users of the 9.10 branch.

For users on versions 9.00 and prior, upgrading to a supported and patched version is the recommended mitigation step.

In addition to patching, consider the following security best practices:

  • Secure physical access to the T21 Readers.
  • Monitor the readers for unusual activity.
  • Implement robust access control policies.

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.