CVE-2025-47147
📋 TL;DR
An attacker with physical access to a logged-in operator's mobile device can read the session token that the Command Centre Mobile Client stores in cleartext and replay it to the Command Centre server, obtaining that operator's access until the token expires or the session is ended. Android and iOS builds of the Command Centre Mobile Client before version 9.40.123 are affected.
💻 Affected Systems
- Command Centre Mobile Client
⚠️ Manual Verification Required
The database entry behind the automated check lists no affected version range, so automated detection cannot tell whether a given device is affected.
Why? The NVD/vendor record the scanner relies on carries no version range. The vendor advisory does name a fixed version (9.40.123), so compare the installed app version against it by hand (see How to Verify below).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A replayed token carries the operator's own privileges. If that operator holds administrative rights, the attacker gains temporary administrative access to the physical security system and can disable alarms, unlock doors, or change security settings until the session expires or is ended.
Likely Case
An attacker with brief physical access to an unlocked device, or to a device whose app storage can otherwise be read, copies the session token and uses it for limited, time-bounded access to the security management system under the operator's identity.
If Mitigated
With proper device security controls in place (mandatory screen lock, device encryption, remote wipe), exposure is largely limited to cases where an authorized operator shares, loses, or leaves a logged-in device unattended.
🎯 Exploit Status
Exploitation requires physical access to the mobile device and the ability to read the app's private storage (an unlocked device, or one whose storage can be dumped); there is no network-only path. A copied token is usable only for the remaining lifetime of that session.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.40.123 or later
Vendor Advisory: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47147
Restart Required: Yes
Instructions:
1. Update the Command Centre Mobile Client app to version 9.40.123 or later from the official app store.
2. Restart the mobile device after installation.
3. Have all operators log out and back in so that every active session uses a token issued to the fixed client. A token copied from a pre-9.40.123 install remains usable until that session expires or is ended, so do not skip this step.
🔧 Temporary Workarounds
Enforce Mobile Device Security Policies
Implement strict device security controls (mandatory screen lock, device encryption, MDM enrollment with remote wipe) to prevent unauthorized physical access to operator devices.
Implement Session Timeout Policies
Configure the Command Centre server to enforce shorter session timeouts; this bounds how long a copied token stays usable.
🧯 If You Can't Patch
- Implement strict physical security controls for operator mobile devices (screen locks, device encryption, remote wipe capabilities).
- Enforce policies requiring operators to log out of the mobile app when not actively using it.
🔍 How to Verify
Check if Vulnerable:
Check the app version in the mobile device's app settings. If version is below 9.40.123, the device is vulnerable.
Check Version:
Android: Settings > Apps > Command Centre Mobile Client > App Info (the exact path varies by Android vendor; the version is listed in the app details). iOS: open the App Store listing for the app, or the app's own settings/about screen, and read the installed version.
Verify Fix Applied:
Confirm the app version is 9.40.123 or higher in the device's app settings. To verify the behavioural fix rather than just the version number, log in on a rooted or jailbroken test device, then inspect the app's private storage (preference files, databases, other files) with a mobile analysis tool and confirm that no session token appears in plaintext.
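When many operator devices are involved, checking each one by hand does not scale. The following is an added example for this page (not vendor tooling) that reads a device inventory export, such as an MDM report, and lists every device whose Command Centre Mobile Client is below 9.40.123. The CSV column names and the sample rows are assumptions constructed for illustration; adapt them to your inventory format. Note the numeric comparison: as plain text, "9.40.9" sorts after "9.40.123" and would wrongly pass.

```python
"""Find devices still running Command Centre Mobile Client below 9.40.123.

Added example for this page, not vendor tooling. It reads a device
inventory export (for example from an MDM) and compares app versions
numerically. The CSV column names and the sample rows are assumptions
constructed for illustration; adapt them to your inventory format.
"""
import csv
import io
import re

FIXED_VERSION = "9.40.123"  # first fixed version per the vendor advisory
APP_NAME = "Command Centre Mobile Client"

# Constructed sample inventory (not real data).
SAMPLE_INVENTORY = """\
device_id,platform,app_name,app_version
tab-17,android,Command Centre Mobile Client,9.40.9
phone-03,ios,Command Centre Mobile Client,9.40.123
phone-08,ios,Command Centre Mobile Client,9.30.201
tab-21,android,Command Centre Mobile Client,9.41.5
lap-01,windows,Other App,1.0
"""


def version_tuple(version):
    """Split 'a.b.c' into integers. Plain string comparison is wrong here:
    '9.40.9' sorts after '9.40.123' as text but is older numerically."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)  # tolerate suffixes such as '123-beta'
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed version."""
    return version_tuple(installed) < version_tuple(fixed)


def vulnerable_devices(csv_text, app_name=APP_NAME):
    """Return (device_id, platform, app_version) for every device whose
    Command Centre Mobile Client is below the fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["app_name"] != app_name:
            continue
        if is_vulnerable(row["app_version"]):
            findings.append((row["device_id"], row["platform"], row["app_version"]))
    return findings


if __name__ == "__main__":
    for device_id, platform, version in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"{device_id} ({platform}) still on {version}; update to {FIXED_VERSION}+")
```

Run it against a real export by replacing SAMPLE_INVENTORY with the file contents; devices it lists should be updated and their operators made to log out and back in.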
📡 Detection & Monitoring
Log Indicators:
- The same session token presented from more than one device within its lifetime (a replayed token is valid, so the server records the activity as the legitimate operator; the second device is the signal)
- Mobile-originated activity from an operator who is off shift, from an unfamiliar network, or at unusual hours
Network Indicators:
- None specific to this CVE: the token is exposed at rest on the device, not in transit, and a replayed token looks like ordinary authenticated traffic. The only network-level signal is the same session arriving from a new source address or device while the original device is still active.
SIEM Query:
source="command_centre" AND (event="multiple_device_login" OR event="suspicious_session_activity")
The event names above are placeholders; map them to the session and audit event types your Command Centre server actually emits before relying on the query.
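The log indicator above (one session token used from two devices) can be checked offline against an audit export. The following is an added example for this page, not Gallagher's code: the audit line format, field names and sample events are constructed for illustration and must be mapped to the fields your Command Centre server actually exports. It deliberately ignores a source-IP change on the same device, which is normal for a phone moving between Wi-Fi and cellular, and flags only a second device id.

```python
"""Flag a Command Centre session token used from more than one device.

Added example for this page, not Gallagher's code. The audit line format,
field names and sample events below are constructed for illustration; map
them to the fields your Command Centre server actually exports. A replayed
token authenticates as the real operator, so the server logs it as that
operator; what gives the replay away is the same session appearing from a
second device while the original device is still using it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit export (not real Command Centre output).
# A session moving to a new IP on the same device (Wi-Fi to cellular) is
# normal for a phone and must not be flagged; a second device is the signal.
SAMPLE_LOG = """\
2025-06-01T08:00:02Z event=session_start operator=jsmith session=s-1001 device=tab-17 src=10.1.4.22
2025-06-01T08:04:10Z event=api_call operator=jsmith session=s-1001 device=tab-17 src=10.1.4.22
2025-06-01T08:06:55Z event=api_call operator=jsmith session=s-1001 device=tab-17 src=203.0.113.5
2025-06-01T08:09:31Z event=api_call operator=jsmith session=s-1001 device=unknown-9f src=198.51.100.7
2025-06-01T08:12:00Z event=api_call operator=mlee session=s-1002 device=phone-03 src=10.1.4.40
2025-06-01T08:12:45Z event=api_call operator=jsmith session=s-1001 device=tab-17 src=10.1.4.22
"""


def parse_line(line):
    """'ts key=value ...' -> dict with a parsed 'ts' datetime."""
    timestamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["ts"] = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%SZ")
    return record


def find_shared_sessions(log_text, window_minutes=30):
    """Return {session: sorted device ids} for every session seen from two
    or more distinct devices within `window_minutes` of each other."""
    window = timedelta(minutes=window_minutes)
    last_seen = defaultdict(dict)  # session -> {device: last timestamp}
    findings = defaultdict(set)    # session -> devices that overlapped
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        session, device = rec["session"], rec["device"]
        for other_device, other_ts in last_seen[session].items():
            if other_device != device and rec["ts"] - other_ts <= window:
                findings[session].update({device, other_device})
        last_seen[session][device] = rec["ts"]
    return {s: sorted(d) for s, d in findings.items()}


if __name__ == "__main__":
    for session, devices in find_shared_sessions(SAMPLE_LOG).items():
        print(f"{session} used from {len(devices)} devices: {', '.join(devices)}")
```

If your export carries no client device identifier, the same logic can be keyed on source address instead, at the cost of false positives from operators roaming between networks; in that case widen the review rather than auto-terminating sessions.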