Cyber Posture

CVE-2025-20060

High

Published: 28 February 2025

Published
28 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0017 37.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20060 is a high-severity Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) vulnerability in Cisa (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-19 (Access Control for Mobile Devices) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for logical access to the Dario Health application database, preventing remote unauthenticated attackers from exposing cross-user PII and personal health information.

SC-28 Protection of Information at Rest good match
prevent

Implements cryptographic protection for PII and personal health information at rest in the application database, mitigating disclosure even if unauthorized access occurs.

AC-19 Access Control for Mobile Devices good match
prevent

Controls connections, usage, and access for mobile devices and applications like Dario Health on Android, restricting exploitation of database vulnerabilities remotely.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

CVE enables remote unauthenticated access to sensitive data in the app database (T1190) and directly facilitates collection of local stored information (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.

Deeper analysisAI

CVE-2025-20060 is a vulnerability in the Dario Health application on Android devices that enables an attacker to expose cross-user personal identifiable information (PII) and personal health information transmitted to and stored in the application's database. Published on 2025-02-28, it is associated with CWE-359 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high confidentiality impact from remote exploitation with low complexity and no authentication or user interaction required.

Remote attackers require no privileges and can exploit the vulnerability over the network to read sensitive cross-user PII and personal health data from the Dario Health app database on affected Android devices, potentially compromising privacy for multiple users without impacting integrity or availability.

Mitigation guidance is available in the CISA ICS Medical Advisory ICSMA-25-058-01 at https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-058-01, with additional support via Dario Health at https://www.dariohealth.com/contact/.

Details

CWE(s)
CWE-359

Affected Products

Cisa
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-24735Shared CWE-359
CVE-2026-6765Shared CWE-359
CVE-2020-37173Shared CWE-359
CVE-2024-11396Shared CWE-359
CVE-2026-34226Shared CWE-359
CVE-2024-11216Shared CWE-359

References