#VU105342 Storage of Sensitive Data in a Mechanism without Access Control in USB-C Blood Glucose Monitoring System Starter Kit Android Applications and Dario Application Database and Internet-based Server Infrastructure - CVE-2025-24843
Vulnerability identifier: #VU105342
Vulnerability risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-921
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
USB-C Blood Glucose Monitoring System Starter Kit Android Applications
Mobile applications /
Apps for mobile phones
Dario Application Database and Internet-based Server Infrastructure
Other software /
Other software solutions
Vendor: DarioHealth Corp
Description
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insecure file retrieval process that facilitates potential for file manipulation. A local attacker can affect product stability and confidentiality, integrity, authenticity, and attestation of stored data.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
USB-C Blood Glucose Monitoring System Starter Kit Android Applications: 5.8.7.0.36
Dario Application Database and Internet-based Server Infrastructure: All versions
External links
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01
https://www.dariohealth.com/contact/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
