CVE-2025-47147

MEDIUM

Command Centre Mobile Client <9.40.123 - Info Disclosure

Title source: llm

Description

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123.

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147

Scores

CVSS v3 5.7

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-312

Status published

Products (1)

Gallagher/Command Centre Mobile Client 9.40 - 9.40.123

Published Mar 03, 2026

Tracked Since Mar 03, 2026