Cleartext Storage of Sensitive Information

CVE-2025-47147

Medium

5.7/10

Summary

Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the session token and exploit access for a limited duration. This issue affects Command Centre Mobile Client versions prior to 9.40.123.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-312 - Cleartext Storage of Sensitive Information

The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References

Advisory Timeline

Published Mar 03, 2026

Cleartext Storage of Sensitive Information

CVE-2025-47147

Summary

CWE-312 - Cleartext Storage of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS