CVE-2025-47147 Cleartext — Exploit & Vulnerability Details MEDIUM

CVE-2025-47147

MEDIUM CVSS 3.1: 5.7 EPSS 0.01%

Parameter	Value
CVSS	5.7 (MEDIUM)
Affected Versions	before 9.40.123.
Type	CWE-312
Vendor	Cleartext
Public PoC	No

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-312

References 1

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147

disclosures@gallagher.com

Share Post Share Share Share

Menu

CVE-2025-47147

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Menu

CVE-2025-47147

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

CVE Details

Editor's Choice

Stay informed on cybersecurity