CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-24843: Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control

5.1 CVSS

Description

Insecure file retrieval process that facilitates potential for file manipulation to affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.

Classification

CVE ID: CVE-2025-24843

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Problem Types

CWE-921

Affected Products

Vendor: Dario Health, Dario Health

Product: USB-C Blood Glucose Monitoring System Starter Kit Android Applications, Dario Application Database and Internet-based Server Infrastructure

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.52% (scored less or equal to compared to others)

EPSS Date: 2025-03-29 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24843
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01
https://www.dariohealth.com/contact/

Timeline

2025-02-28 17:40:15 UTC
CVE

Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Storage of Sensitive Data in a Mechanism without Access Control