CVE-2025-52457 – HBUS Command Centre Server Key Extraction Timing Vulnerability

CVE ID : CVE-2025-52457

Published : Nov. 18, 2025, 4:15 a.m. | 49 minutes ago

Description : Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security.

This issue affects Command Centre Server:

9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…