Contec Health CMS8000 Patient Monitor

Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data, resulting in remote code execution. The device may also leak patient information and sensor data to the same unknown external network. Simultaneous exploitation of all vulnerable devices on a shared network is possible.

The Food and Drug Administration (FDA) has released a safety communication in connection with these vulnerabilities.

CISA has released an additional Fact Sheet for CVE-2025-0626 and CVE-2025-0683.

CISA Number: ICSMA-25-030-01

CVE Number: Multiple

Vendor Website: 

Additional Information: 
