CVE-2025-47147

Summary

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.

This issue affects Command Centre Mobile Client versions prior to 9.40.123.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Mobile Client9.40 < 9.40.123affected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References