Cleartext Storage Vulnerability in Command Centre Mobile Client by Gallagher
CVE-2025-47147

5.7MEDIUM

Key Information:

Vendor: Gallagher
Status: Command Centre Mobile Client
Vendor: CVE Published:; 3 March 2026

What is CVE-2025-47147?

A vulnerability exists in the Command Centre Mobile Client for Android and iOS where sensitive information is stored in cleartext. This allows an attacker with access to a logged-in operator's mobile device to extract session tokens, potentially leading to exploitation of the application's access for a limited period. This issue impacts versions prior to 9.40.123, emphasizing the need for users to update to secure their sensitive data.

Affected Version(s)

Command Centre Mobile Client Android 9.40

References

https://security.gallagher.com/en-NZ/Security-Advisories/...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Jun 17, 2025

CVE-2025-47147 Data

JSON