CVE-2025-64734

LOW

Command Centre Server <9.30.251028a-9.10.251028a - DoS

Title source: llm

Description

Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-64734

Scores

CVSS v3 2.4

EPSS 0.0003

EPSS Percentile 6.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-772

Status draft

Timeline

Published Nov 18, 2025

Tracked Since Feb 18, 2026