CVE-2025-24849

Summary

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure.

Affected Software

VendorProductVersion RangeStatus
Dario HealthUSB-C Blood Glucose Monitoring System Starter Kit Android Applications0 < 5.8.7.0.36affected
Dario HealthDario Application Database and Internet-based Server InfrastructureAll versionsaffected

Weaknesses

  • CWE-319: CWE-319 Cleartext Transmission of Sensitive Information

Workarounds

Dario Health recommends users perform the following mitigations: 

  • Update the application from trusted sources. 

  • Don't use rooted/jailbroken devices. 

  • Avoid public untrusted network. 

  • For more information contact Dario Health https://www.dariohealth.com/contact/  directly.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References