CVE-2025-47147 PUBLISHED

Assigner: Gallagher
Reserved: 17.06.2025 Published: 03.03.2026 Updated: 03.03.2026

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.

This issue affects Command Centre Mobile Client versions prior to 9.40.123.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 5.7

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Gallagher
Product	Command Centre Mobile Client
Versions	Default: affected affected from 9.40 to 9.40.123 (excl.)

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147

Problem Types

CWE-312 Cleartext Storage of Sensitive Information CWE