Hackers Can Manipulate Your Heart Rate Monitor - Unbelievable Security Flaw! - #CVE-2025-0626
Critical vulnerabilities have been discovered in Contec CMS8000 and Epsimed MN-120 patient monitors, prompting warnings from CISA and the FDA. These flaws include a backdoor vulnerability (CVE-2025-0626) with a CVSS score of 7.7, an out-of-bounds write vulnerability (CVE-2024-12248) scoring 9.3, and a data exfiltration risk (CVE-2025-0683) rated at 8.2. The most severe issue allows remote access requests to bypass device network settings, potentially enabling unauthorized control and compromising patient data. While no known exploitation has been reported, healthcare organizations are advised to disconnect affected monitors, apply firmware updates, implement network segmentation, and enhance monitoring practices. This incident highlights the pressing need for improved cybersecurity measures in medical devices to protect patient safety and privacy.
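The segmentation and monitoring advice above, as an added example that is not part of the original page: because the reported flaw lets remote access requests bypass device network settings, this check works from network flow records instead of trusting what the monitor is configured to do. The monitor subnet, the allowlisted central-station address, the record format and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing plan for illustration; replace with your own.
MONITOR_NET = ipaddress.ip_network("10.20.30.0/24")    # patient-monitor VLAN
ALLOWED_PEERS = {ipaddress.ip_address("10.20.40.5")}   # central monitoring station

# Constructed flow records, one per line: "src dst dst_port bytes"
SAMPLE_FLOWS = """\
10.20.30.11 10.20.40.5 8443 48211
10.20.30.12 198.51.100.77 8080 1048576
10.20.30.12 198.51.100.77 8080 2097152
203.0.113.9 10.20.30.11 8080 912
10.20.50.8 10.20.40.5 443 3300
10.20.30.13 10.20.30.14 8443 120
"""

def parse_flows(text):
    """Yield (src, dst, port, bytes) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), int(parts[3]))
        except ValueError:
            continue

def find_violations(text, monitor_net=MONITOR_NET, allowed=ALLOWED_PEERS):
    """Return {(monitor, peer, direction): total_bytes} for flows outside the allowlist.

    Outbound: a monitor talks to anything other than an allowlisted peer
    (this includes monitor-to-monitor traffic inside the VLAN).
    Inbound: anything other than an allowlisted peer talks to a monitor.
    """
    hits = defaultdict(int)
    for src, dst, _port, nbytes in parse_flows(text):
        if src in monitor_net and dst not in allowed:
            hits[(str(src), str(dst), "outbound")] += nbytes
        elif dst in monitor_net and src not in allowed:
            hits[(str(dst), str(src), "inbound")] += nbytes
    return dict(hits)

if __name__ == "__main__":
    # Largest transfers first, since volume is the exfiltration signal.
    for (monitor, peer, direction), total in sorted(
            find_violations(SAMPLE_FLOWS).items(), key=lambda kv: -kv[1]):
        print(f"{monitor} {direction} {peer} bytes={total}")
```

Feed it flow exports from the switch or firewall that fronts the monitor VLAN, so a device that ignores its own network settings still shows up.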