Data Transmission Vulnerability in Medical Monitoring Systems by CISA
CVE-2025-0683
What is CVE-2025-0683?
The medical monitoring system transmits patient data in plain text to a hard-coded public IP address in its default configuration. This flaw poses a risk of confidential patient information being intercepted by unauthorized devices or attackers in a man-in-the-middle attack. This risk could lead to severe privacy violations, making it crucial for organizations to assess their configurations and protect patient data adequately.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
CMS8000 Patient Monitor All versions
News Articles
The Hacker NewsCVE-2025-0683CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors
Unpatched vulnerabilities in Contec CMS8000 patient monitors expose devices to remote access, file overwrites, and data leaks.
References
CVSS V4
Timeline
- ๐ฐ
First article discovered by The Hacker News
Vulnerability published
Vulnerability Reserved