CVE-2025-23421
MEDIUMQardio Heart Health iOS <2.7.4 & Android <2.5.1 - Firmware Exposure
Title source: llmDescription
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.
References (2)
Core 2
Core References
Various Sources
https://www.qardio.com/about-us/#contact
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01
Scores
CVSS v3
6.4
EPSS
0.0021
EPSS Percentile
11.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-552
Status
published
Products (2)
Qardio/Heart Health Android Mobile Application
2.5.1
Qardio/Heart Health IOS Mobile Application
2.7.4
Published
Feb 13, 2025
Tracked Since
Feb 18, 2026