CVE-2025-24836— Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-24836
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception
Source: NVD (National Vulnerability Database)
Vulnerability Description
With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests, resulting in a denial-of-service condition.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未捕获的异常
Source: NVD (National Vulnerability Database)
Vulnerability Title
Qardio Heart Health 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Qardio Heart Health是美国Qardio公司的一个心脏监控管理软件。 Qardio Heart Health存在安全漏洞,该漏洞源于利用特制的 Python 脚本通过未加密的蓝牙连接向受影响的设备发送连续的 startMeasurement 命令,这将阻止设备连接到临床医生的应用程序以获取患者的数据,并表面上向其发送大量请求,导致拒绝服务的情况。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Qardio | Heart Health IOS Mobile Application | 2.7.4 | - | |
| Qardio | Heart Health Android Mobile Application | 2.5.1 | - | |
| Qardio | QardioARM | All versions | - |
II. Public POCs for CVE-2025-24836
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-24836
请登录查看更多情报信息。
Same Patch Batch · Qardio · 2025-02-13 · 3 CVEs total
| CVE-2025-23421 | 6.4 MEDIUM | Qardio iOS and Android applications Files or Directories Accessible to External Parties |
| CVE-2025-20615 | 6.2 MEDIUM | Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an |
IV. Related Vulnerabilities
Same weakness: CWE-248
- CVE-2026-41585
ZEBRA: Denial of Service via Interrupted JSON-RPC Requests f - CVE-2026-7183
aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp De - CVE-2026-5937
Foxit PDF Editor/Reader's insufficient parameter validation - CVE-2026-35348
uutils coreutils sort Local Denial of Service via Forced UTF - CVE-2026-34944
Wasmtime segfault or unused out-of-sandbox load with `f64x2.
V. Comments for CVE-2025-24836
No comments yet