CVE-2025-64734

LOW

Command Centre Server <9.30.251028a-9.10.251028a - DoS

Title source: llm

Description

Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific reader, preventing cardholders from badging for entry. This issue affects Command Centre Server: 9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-64734

Scores

CVSS v3 2.4

EPSS 0.0002

EPSS Percentile 6.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-772

Status published

Products (4)

Gallagher/T21 Reader < 9.00

Gallagher/T21 Reader 9.10 - vCR9.10.251028a

Gallagher/T21 Reader 9.20 - vCR9.20.251028a

Gallagher/T21 Reader 9.30 - vCR9.30.251028a

Published Nov 18, 2025

Tracked Since Feb 18, 2026