← back
CVE-2025-14346

CVE-2025-14346

CVSS 9.3 CRITICALEPSS 5.5%CWE-306
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 5.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
WHILL · Model C2 Electric WheelchairWHILL · Model F Power Chair

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01