ICSMA-25-044-01 · Published 2025-02-13 · CISA ICS-CERT
Qardio Heart Health IOS and Android Application and QardioARM A100
CVSS 7.1 (HIGH)
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, cause a denial-of-service condition, and obtain firmware files.
CVEs (3)
Remediations
- Qardio has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact Qardio customer support for additional information.
- Users should do the following to help mitigate the risk:
  - Disable Bluetooth when not in use.
  - Don't use this device in public or within Bluetooth range of malicious actors.
  - Only use trusted mobile apps from trusted providers.
Affected Vendors
Qardio
Affected Products (3)
- Vendor: Qardio · Product: Qardio Heart Health IOS Mobile Application · Version: 2.7.4
- Vendor: Qardio · Product: Qardio Heart Health Android Mobile Application · Version: 2.5.1
- Vendor: Qardio · Product: QardioARM A100 · Version: vers:all/*
Affected Sectors
Healthcare and Public Health