CVE-2025-24836

HIGH

Python Script - DoS

Title source: llm

Description

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition.

References (2)

[Various Sources] https://www.qardio.com/about-us/#contact

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01

Scores

CVSS v3 7.1

EPSS 0.0005

EPSS Percentile 15.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-248

Status published

Products (3)

Qardio/Heart Health Android Mobile Application 2.5.1

Qardio/Heart Health IOS Mobile Application 2.7.4

Qardio/QardioARM All versions

Published Feb 13, 2025

Tracked Since Feb 18, 2026