Impact
During the installation of Gallagher Command Centre Service components, the setup process writes sensitive information, such as service account credentials, to log files. This direct exposure of secrets can lead to credential leakage, compromising account integrity and potentially granting unauthorized access. The weakness is classified as CWE-532, insertion of sensitive information into logs.
Affected Systems
The affected products include all Gallagher services that rely on the Command Centre Service installer, such as Gallagher:Active Directory Sync, Gallagher:Cardholder Sync Utility, Gallagher:Command Centre Server, Gallagher:Diagnostics Service, Gallagher:Elevator Service, Gallagher:Encoding Kiosk Application, Gallagher:Entra ID Sync, Gallagher:Event Logger, Gallagher:Event Sync Utility, Gallagher:Middleware Framework, Gallagher:Nexudus Integration, Gallagher:Okta Sync, Gallagher:Papercut Interface Integration, and Gallagher:SIP Integration. Version details are not specified; any installation that uses a custom service account rather than the default Network Service account may be exposed.
Risk and Exploitability
The CVSS score of 8.1 indicates a high severity, but the EPSS score is unavailable, making the exact exploitation likelihood difficult to assess. This vulnerability is local in nature: it can be exploited during installation, or afterwards by anyone who has performed a legitimate installation with a custom service account. Because the exposure concerns credentials that grant administrative or service-level privileges, the impact of successful exploitation could be significant. The issue is not listed in CISA's KEV catalog, yet the potential for credential compromise warrants immediate action, especially in environments where custom service accounts are employed.
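As an added example (not code from the advisory or from Gallagher), a small Python scanner that flags plaintext credential fields in an installer log, masks their values, and reports whether the install ran under a custom account rather than the default Network Service. The sample log lines and the field names it looks for are constructed assumptions for illustration, not Gallagher's real log format.

```python
import re

# Constructed sample of what an installer log might contain after a custom
# service account is configured. Field names are assumptions for illustration,
# not Gallagher's actual log format.
SAMPLE_LOG = [
    "2024-05-01 09:12:01 INFO  Installing Command Centre Service components",
    r"2024-05-01 09:12:02 INFO  ServiceAccount=CORP\svc-gallagher",
    "2024-05-01 09:12:02 DEBUG ServiceAccountPassword=Hunter2!Example",
    '2024-05-01 09:12:03 DEBUG Credential: secret="s3cr3t value"',
    "2024-05-01 09:12:04 INFO  Service registered successfully",
]

# Keys whose values should never be logged in plaintext (CWE-532 indicators).
SECRET_RE = re.compile(
    r"(?i)\b(?P<key>[a-z_]*(?:password|passwd|pwd|secret))\b\s*[=:]\s*"
    r"(?P<val>\"[^\"]*\"|\S+)"
)
# Keys that name the account the service was installed to run as; the value
# is taken to the end of the line so "NT AUTHORITY\..." forms are kept whole.
ACCOUNT_RE = re.compile(
    r"(?i)\b(?:serviceaccount|accountname|username|logonas)\b\s*[=:]\s*"
    r"(?P<val>.+?)\s*$"
)
# Default account spellings, lower-cased with spaces removed for comparison.
DEFAULT_ACCOUNTS = {"networkservice", r"ntauthority\networkservice"}


def redact_line(line: str) -> str:
    """Mask every secret value on a line, keeping the key and separator."""
    def _mask(m: re.Match) -> str:
        return m.group(0)[: m.start("val") - m.start()] + "[REDACTED]"
    return SECRET_RE.sub(_mask, line)


def find_secrets(lines) -> list:
    """Return (line_no, key, redacted_line) for each line holding a secret."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = SECRET_RE.search(line)
        if m:
            hits.append((no, m.group("key"), redact_line(line)))
    return hits


def uses_custom_service_account(lines) -> bool:
    """True when the log names a service account other than Network Service."""
    for line in lines:
        m = ACCOUNT_RE.search(line)
        if m:
            name = m.group("val").strip('"').lower().replace(" ", "")
            if name not in DEFAULT_ACCOUNTS:
                return True
    return False
```

Any hit from `find_secrets` is a log file that should be scrubbed and the corresponding service account password rotated.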
OpenCVE Enrichment