← Volver a CVEs
CVE-2025-47699
CRITICAL9.9
Descripcion
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), 9.00 prior to vEL9.00.3831 (MR8), all versions of 8.90 and prior.
Detalles CVE
Puntuacion CVSS v3.19.9
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado10/23/2025
Ultima modificacion10/27/2025
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-497
Referencias
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47699(disclosures@gallagher.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.