Command Centre Mobile Client stores sensitive data in plain text, risking data theft

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.7

Command Centre Mobile Client stores sensitive data in plain text, risking data theft

CVE-2025-47147

Summary

The Command Centre Mobile Client on Android and iOS stores sensitive information, like session tokens, in plain text. This means that if an attacker gains access to a logged-in user's device, they could steal this sensitive data and use it to access the system for a short time. To fix this, update the Command Centre Mobile Client to version 9.40.123 or later.

Original title

Original description

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.

This issue affects Command Centre Mobile Client versions prior to 9.40.123.

nvd CVSS3.1 5.7

Vulnerability type

CWE-312 Cleartext Storage of Sensitive Information

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147

Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026