CVE-2025-20615

Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor

Description

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal.

INFO

Published Date :

2025-02-13T21:47:12.913Z

Last Modified :

2025-02-14T15:46:53.224Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2025-20615 vulnerability.

Vendors	Products
Qardio	Qardio

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20615.

URL	Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-044-01
https://www.qardio.com/about-us/#contact

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact