CVE-2025-20060

Summary

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Affected Software

VendorProductVersion RangeStatus
Dario HealthUSB-C Blood Glucose Monitoring System Starter Kit Android Applications0 < 5.8.7.0.36affected
Dario HealthDario Application Database and Internet-based Server InfrastructureAll versionsaffected

Weaknesses

  • CWE-359: CWE-359

Workarounds

Dario Health recommends users perform the following mitigations: 

  • Update the application from trusted sources. 

  • Don't use rooted/jailbroken devices. 

  • Avoid public untrusted network. 

  • For more information contact Dario Health https://www.dariohealth.com/contact/  directly.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References