CVE-2025-0683

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Jan 30, 2025
Updated: Jan 31, 2025
CWE ID 359

Summary

CVE-2025-0683 is a vulnerability affecting Contec Health's CMS8000 Patient Monitor. In its default configuration, the device transmits patient data in plain text to a hard-coded public IP address whenever a patient is connected. This configuration error exposes confidential patient data to any device holding that IP address, or potentially to an attacker in a man-in-the-middle scenario. The vulnerability could lead to significant privacy breaches and potential misuse of sensitive patient information. It is recommended that affected organizations update their device configurations to prevent unauthorized access to patient data.
