CVE-2026-25193
8.1 HIGHInsertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account creden...
Published: 2026-05-25 · Last updated: 2026-05-26
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H
- CWE
- CWE-532
Description
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2026-0267 — An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
- CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
- CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
- CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)