CVE-2025-44003

Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125 kHz Card Technology is enabled. This issue affects T-Series Readers: 9.20 prior to vCR9.20.250213a (distributed in 9.20.1827 (MR2)), 9.10 prior to vCR9.10.250213a (distributed in 9.10.2692(MR5)), 9.00 prior to vCR9.00.250619a (distributed in vEL9.00.3371 (MR7)), all versions of 8.90 and prior.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-44003

Configurations

No configuration.

History

10 Jul 2025, 13:17

Type	Values Removed	Values Added
Summary		(es) La falta de liberación de recursos tras el tiempo de vida útil (CWE-772) en el lector Gallagher Serie T permite a un atacante con acceso físico al lector realizar una denegación de servicio limitada cuando la tecnología de tarjeta de 125 kHz está habilitada. Este problema afecta a los lectores Serie T: versiones 9.20 anteriores a vCR9.20.250213a (distribuida en 9.20.1827 (MR2)), versiones 9.10 anteriores a vCR9.10.250213a (distribuida en 9.10.2692 (MR5)), versiones 9.00 anteriores a vCR9.00.250619a (distribuida en vEL9.00.3371 (MR7)), y todas las versiones de 8.90 y anteriores.

10 Jul 2025, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-10 03:15

Updated : 2025-07-10 13:17

NVD link : CVE-2025-44003

Mitre link : CVE-2025-44003

CVE.ORG link : CVE-2025-44003

JSON object : View

Products Affected

No product.

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

4.3 /10