CVE-2025-52457
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-52457
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过时间差异性导致的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Gallagher HBUS Devices 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Gallagher HBUS Devices是新西兰Gallagher公司的一个门禁与警报外设设备系列。 Gallagher HBUS Devices存在安全漏洞,该漏洞源于可观察的时间差异,可能导致提取设备特定密钥。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Gallagher | HBUS Devices | 0 ~ 9.00 | - |
II. Public POCs for CVE-2025-52457
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-52457
请登录查看更多情报信息。
Same Patch Batch · Gallagher · 2025-11-18 · 3 CVEs total
| CVE-2025-52578 | 5.7 MEDIUM | Gallagher HBUS Devices 安全漏洞 |
| CVE-2025-64734 | 2.4 LOW | Gallagher T-Series Reader 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-208
- CVE-2026-41588
RELATE: Timing Attack Vulnerability in course/auth.py — chec - CVE-2026-41161
Username Enumeration via Timing Attack - CVE-2026-33006
Apache HTTP Server: mod_auth_digest timing attack - CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-41407
OpenClaw < 2026.4.2 - Timing Side Channel in Shared-Secret C
V. Comments for CVE-2025-52457
No comments yet