CVE-2025-20060

Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor

CVSS 8.7 HIGHEPSS 0.4%CWE-359

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Dario Health · Dario Application Database and Internet-based Server Infrastructure Dario Health · USB-C Blood Glucose Monitoring System Starter Kit Android Applications

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01 https://www.dariohealth.com/contact/