CVE-2025-47147
Cleartext Session Token Storage in Command Centre Mobile Client
Publication date: 2026-03-03
Last updated on: 2026-03-03
Assigner: Gallagher Group Ltd.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | command_centre_mobile_client | up to 9.40.123 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47147 is a vulnerability in the Command Centre Mobile Client for Android and iOS versions prior to 9.40.123. It involves the cleartext storage of sensitive information, specifically session tokens, on the mobile device. This means that an attacker who has physical or logical access to a logged-in Operator's mobile device could extract these session tokens.
Because the session tokens are stored without encryption, the attacker could use them to gain unauthorized access to the system for a limited duration. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with local access and high privileges on your mobile device to extract session tokens stored in cleartext. Using these tokens, the attacker could impersonate the logged-in Operator and gain unauthorized access to the Command Centre system for a limited time.
The impact affects the confidentiality and integrity of your data and sessions, but it does not affect system availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the cleartext storage of session tokens on the Command Centre Mobile Client on Android and iOS devices. Detection requires access to the mobile device to inspect stored data for session tokens saved in cleartext.
Since exploitation requires local access with high privileges, network detection is unlikely. Instead, manual inspection on the device or forensic analysis of the app's storage areas is needed.
Suggested commands or steps include accessing the mobile device's file system (e.g., using Android Debug Bridge (adb) for Android devices) to search for session token files or data stored in cleartext within the app's storage directories.
- For Android devices, use `adb shell` to access the device shell.
- Navigate to the app's data directory, typically under /data/data/com.gallagher.commandcentre/ or similar.
- Use commands like `grep` or `cat` to search for session tokens or sensitive strings in files.
For iOS devices, similar inspection requires jailbroken devices and the use of tools like ssh or file system explorers to locate and examine stored session tokens. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately upgrade the Command Centre Mobile Client on all Android and iOS devices to version 9.40.123 or later, where the issue is resolved.
Restrict physical and logical access to mobile devices used by Operators to prevent unauthorized extraction of session tokens.
Enforce strong device security policies such as screen locks, encryption, and limited user privileges to reduce the risk of token extraction.
Consider invalidating existing session tokens and requiring re-authentication after the update to prevent misuse of any previously exposed tokens.