Hidden functionality in CMS8000 Patient Monitor - CVE-2025-0626
Published: January 31, 2025 / Updated: February 5, 2025
Vulnerability identifier: #VU103464
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-0626
CWE-ID: CWE-912
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Contec
Affected software:
CMS8000 Patient Monitor
CMS8000 Patient Monitor
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2025-0626
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.