PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-20060 Dario Health CVE debrief

CVE-2025-20060 is a high-severity issue in the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android application. According to CISA’s advisory, an attacker could expose cross-user personally identifiable information (PII) and personal health information associated with data transmitted to the Android device via the application database. Dario Health’s published mitigation is to update the Android mobile application to the latest version; the advisory also recommends avoiding rooted or jailbroken devices and avoiding public untrusted networks.

Vendor: Dario Health
Product: USB-C Blood Glucose Monitoring System Starter Kit Android Applications
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-27
Original CVE updated: 2025-02-27
Advisory published: 2025-02-27
Advisory updated: 2025-02-27

Who should care

People using the Dario Health Android application, healthcare and IT teams supporting patients who use the app, and mobile security defenders responsible for protecting health data on Android devices.

Technical summary

The advisory describes a confidentiality issue affecting the Dario Health Android application database and the data it handles on the Android device. The published CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, high confidentiality impact, and no integrity or availability impact. That profile matches a network-reachable data exposure rather than tampering or denial of service. The source material does not provide affected version details beyond the starter kit Android applications and associated database/server infrastructure.

Defensive priority

High. The issue is rated CVSS 7.5 (HIGH) and involves exposure of PII and personal health information, which increases the impact for users and organizations handling sensitive medical data.

Recommended defensive actions

  • Update the Dario Health Android mobile application to the latest version from trusted sources.
  • Avoid using rooted or jailbroken devices with the application.
  • Avoid public untrusted networks when using the application.
  • If you support affected users, validate that devices and app installs are current and sourced from trusted channels.
  • Contact Dario Health for product-specific guidance if needed.
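For teams supporting affected users, the fourth action above (confirm the install is current and came from a trusted channel) can be checked with the output of `adb shell dumpsys package <pkg>`, which reports `versionName=` and `installerPackageName=`. The checker below is an added example written for this debrief, not Dario Health or CISA code. The package name and minimum version are placeholders (the advisory names neither; it only says "latest version"), and the dumpsys text is a constructed sample shaped like real output.

```python
"""Flag outdated or sideloaded installs from `dumpsys package` output.

PACKAGE and MIN_VERSION are placeholders; SAMPLE_DUMPSYS is constructed.
"""
import re
import subprocess

PACKAGE = "com.example.dario.placeholder"   # placeholder, not the real package id
MIN_VERSION = "2.0.0"                       # placeholder for the fixed version
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for MDM stores

# Constructed sample in the shape of `adb shell dumpsys package <pkg>` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.dario.placeholder] (3f2a1b4):
    userId=10231
    versionCode=10203 minSdk=26 targetSdk=34
    versionName=1.9.4
    installerPackageName=com.android.vending
"""


def fetch_dumpsys(package: str) -> str:
    """Pull live output from a connected device (not exercised offline)."""
    return subprocess.run(
        ["adb", "shell", "dumpsys", "package", package],
        capture_output=True, text=True, check=True,
    ).stdout


def parse_dumpsys(text: str) -> dict:
    """Extract versionName and installerPackageName; absent keys are omitted."""
    info = {}
    m = re.search(r"^\s*versionName=(\S+)", text, re.M)
    if m:
        info["versionName"] = m.group(1)
    m = re.search(r"^\s*installerPackageName=(\S+)", text, re.M)
    if m:
        info["installer"] = m.group(1)
    return info


def version_tuple(version: str) -> tuple:
    """'1.9.4' -> (1, 9, 4); non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0
                 for p in re.split(r"[.\-+]", version))


def assess(text: str, min_version: str = MIN_VERSION) -> list:
    """Return human-readable findings; an empty list means the install is OK."""
    info = parse_dumpsys(text)
    findings = []
    if "versionName" not in info:
        return ["app not installed or version not reported"]
    if version_tuple(info["versionName"]) < version_tuple(min_version):
        findings.append(f"outdated: {info['versionName']} < {min_version}")
    # Sideloaded APKs report installerPackageName=null.
    installer = info.get("installer", "null")
    if installer not in TRUSTED_INSTALLERS:
        findings.append(f"untrusted install source: {installer}")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_DUMPSYS) or ["no findings"]:
        print(finding)
```

Replace `SAMPLE_DUMPSYS` with `fetch_dumpsys(PACKAGE)` to run against a connected device. This check covers the app-side actions only; whether the device is rooted is a separate question that an MDM attestation or Play Integrity result answers more reliably than parsing shell output.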

Evidence notes

This debrief is based on CISA’s CSAF advisory ICSMA-25-058-01 and the supplied CVE metadata. The advisory states that an attacker could expose cross-user PII and personal health information transmitted to the Android device via the Dario Health application database. The same source lists the mitigation to update the Android application to the latest version and recommends avoiding rooted/jailbroken devices and public untrusted networks. No exploit details or affected-version granularity were provided in the supplied corpus.

Official resources

Publicly disclosed by CISA on 2025-02-27 in advisory ICSMA-25-058-01; the supplied source and CVE record both use 2025-02-27 as the publication date.