CVE-2025-47147

MEDIUM5.7

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration

Published Mar 3, 2026

Modified Yesterday

Details

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.

This issue affects Command Centre Mobile Client versions prior to 9.40.123.

References

WEB

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-47147

CVSS Analysis

CVSS v3.1

5.7

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

NoneA:N

5.7/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Weakness Type (CWE)

Other

CWE-312

Ecosystems

Timeline

PublishedMar 3, 2026

ModifiedMar 3, 2026