Firmware Exposure Vulnerability in Qardio Health Applications
CVE-2025-23421

6.9 MEDIUM

What is CVE-2025-23421?

The Qardio iOS and Android applications exhibit a vulnerability that allows attackers to access firmware files. This exposure enables reverse engineering of the firmware, which poses a significant risk to the confidentiality and integrity of hardware devices associated with the applications. Users of Qardio health monitoring products should take immediate action to secure their devices to prevent potential exploitation.

Affected Version(s)

Heart Health Android Mobile Application 2.5.1

Heart Health iOS Mobile Application 2.7.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bryan Riggins of Insulet Corporation reported these vulnerabilities to CISA.