CVE-2025-47147
CWE-312Published: March 3, 2026· Updated: Mar 3, 2026
Official Description
Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration.
This issue affects Command Centre Mobile Client versions prior to 9.40.123.
Technical Analysis
CVE-2025-47147 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires high privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), with a CVSS base score of 5.7.
CVSS v3.1 Vector Breakdown
Exploit & PoC Resources
All References (1)
Quick Facts
Related CVEs (CWE-312)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-47147 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts