#VU103464 Hidden functionality in CMS8000 Patient Monitor - CVE-2025-0626
Published: January 31, 2025 / Updated: February 5, 2025
Vulnerability identifier: #VU103464
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-0626
CWE-ID: CWE-912
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
CMS8000 Patient Monitor
CMS8000 Patient Monitor
Software vendor:
Contec
Contec
Description
The vulnerability allows a remote attacker to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote attacker can use this functionality to gain full access to the application and compromise the affected system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.