Authentication Bypass Vulnerability in Philips Medical Devices
CVE-2025-2230

8.5 HIGH

Key Information:

Vendor: Philips
CVE Published: 13 March 2025

Summary

A security flaw in the login procedure of Philips medical devices allows attackers to exploit the AuthContext token. This vulnerability can lead to unauthorized access through replay attacks, enabling potential manipulation of sensitive operations. Organizations using affected Philips products are advised to implement security measures promptly.

Affected Version(s)

Intellispace Cardiovascular (ISCV) 0 <= 5.1

CVSS V4

Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Joe Dillon reported these vulnerabilities to Philips.