CVE-2025-23421

Qardio iOS and Android applications Files or Directories Accessible to External Parties

CVSS 6.9 MEDIUMEPSS 0.2%CWE-552

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.9EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 feb 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Productos afectados

Qardio · Heart Health Android Mobile Application Qardio · Heart Health IOS Mobile Application

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01 https://www.qardio.com/about-us/#contact