ICSMA-25-058-01 · Published 2025-02-27 · View on CISA ICS-CERT ↗

Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to expose information, inject code, manipulate data, or achieve cross-site scripting (XSS), resulting in full session compromise.

CVEs (7)

CVE-2025-20060 CVE-2025-23405 CVE-2025-24843 CVE-2025-24849 CVE-2025-20049 CVE-2025-24318 CVE-2025-24316

Remediations

Dario Health recommends users update their Dario Health Android mobile application to the latest version. No other actions are required by users.
Dario Health recommends users perform the following mitigations:
Update the application from trusted sources.
Don't use rooted/jailbroken devices.
Avoid public untrusted networks *-* For more information contact Dario Health directly.
Avoid public untrusted networks
For more information contact Dario Health directly.

Affected Vendors

Dario Health

Affected Products (2)

Dario Health · USB-C Blood Glucose Monitoring System Starter Kit Android Applications <=5.8.7.0.36

Dario Health · Dario Application Database and Internet-based Server Infrastructure vers:all/*

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more