CVE-2025-20615

EPSS 0.06%
Veröffentlicht 13.02.2025 22:15:11
Zuletzt bearbeitet 24.03.2025 13:39:29
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The Qardio Arm iOS application exposes sensitive data such as usernames 
and passwords in a plist file. This allows an attacker to log in to 
production-level development accounts and access an engineering backdoor
 in the application. The engineering backdoor allows the attacker to 
send hex-based commands over a UI-based terminal.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qardio ≫ Qardio Version2.7.4 SwPlatformiphone_os

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.201

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.6	0.7	5.9	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	6.2	0.7	5.5	CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01

US Government Resource

https://www.qardio.com/about-us/#contact

Product

https://nvd.nist.gov/vuln/detail/CVE-2025-20615

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20615

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20615

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-20615