CVE-2025-23421

Summary

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.

Affected Software

VendorProductVersion RangeStatus
QardioHeart Health IOS Mobile Application2.7.4affected
QardioHeart Health Android Mobile Application2.5.1affected

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

Workarounds

Qardio has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Qardio customer support https://www.qardio.com/about-us/#contact for additional information. Users should do the following to help mitigate the risk:

  • Disable Bluetooth when not in use.

  • Don't use this device in public or within Bluetooth range of malicious actors.

  • Only use trusted mobile apps from trusted providers.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References