CVE-2025-24836
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Feb 13, 2025
CWE ID 248
Summary
CVE-2025-24836 is a vulnerability affecting certain medical devices. An attacker can exploit this issue by sending excessive startMeasurement commands over an unencrypted Bluetooth connection. This flood of requests prevents the device from connecting to a clinician's app, denying patient readings and potentially causing a denial-of-service condition. The vulnerability can be exploited using a specially designed Python script.