CVE-2025-23405

Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Improper Output Neutralization For Logs

Description

Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks (ex log injection).

Solution:

Dario Health recommends users update their Dario Health Android mobile application to the latest version. No other actions are required by users.

Workaround:

Dario Health recommends users perform the following mitigations: * Update the application from trusted sources. * Don't use rooted/jailbroken devices. * Avoid public untrusted network. * For more information contact Dario Health https://www.dariohealth.com/contact/ directly.

Link	Tags
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01
https://www.dariohealth.com/contact/

What is the severity of CVE-2025-23405?: CVE-2025-23405 has been scored as a medium severity vulnerability.
How to fix CVE-2025-23405?: To fix CVE-2025-23405: Dario Health recommends users update their Dario Health Android mobile application to the latest version. No other actions are required by users.
Is CVE-2025-23405 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-23405 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-23405?: CVE-2025-23405 affects Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Applications, Dario Health Dario Application Database and Internet-based Server Infrastructure.