CVE-2025-20060

Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor

Description

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Remediation

Solution:

Dario Health recommends users update their Dario Health Android mobile application to the latest version. No other actions are required by users.

Workaround:

Dario Health recommends users perform the following mitigations: * Update the application from trusted sources. * Don't use rooted/jailbroken devices. * Avoid public untrusted network. * For more information contact Dario Health https://www.dariohealth.com/contact/ directly.

References

Link	Tags
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01
https://www.dariohealth.com/contact/

Frequently Asked Questions

What is the severity of CVE-2025-20060?: CVE-2025-20060 has been scored as a high severity vulnerability.
How to fix CVE-2025-20060?: To fix CVE-2025-20060: Dario Health recommends users update their Dario Health Android mobile application to the latest version. No other actions are required by users.
Is CVE-2025-20060 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-20060 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-20060?: CVE-2025-20060 affects Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Applications, Dario Health Dario Application Database and Internet-based Server Infrastructure.

Description

Remediation

Category

CWE-359 – Exposure of Private Personal Information to an Unauthorized Actor

References

Frequently Asked Questions