CVE-2025-52578

EUVD-2025-197913

18.11.2025, 04:15

Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications.

This issue affects Command Centre Server:

9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

PRNG

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.7 MEDIUM	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Gallagher	CNA	5.7 MEDIUM	PHYSICAL	HIGH	NONE	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Common Weakness Enumeration

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
The software uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52578