PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-23405 Dario Health CVE debrief

CVE-2025-23405 is a publicly disclosed issue in the Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android application. CISA’s advisory describes an unauthenticated logging problem that can interfere with log-based metrics and incident response, and that may expose systems to injection attacks such as log injection. The source-assigned CVSS v3.1 score is 5.3 (Medium). Dario Health recommends updating the Android application to the latest version and following basic hardening guidance such as installing from trusted sources, avoiding rooted/jailbroken devices, and avoiding public untrusted networks.

Vendor: Dario Health
Product: USB-C Blood Glucose Monitoring System Starter Kit Android Applications
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-27
Original CVE updated: 2025-02-27
Advisory published: 2025-02-27
Advisory updated: 2025-02-27

Who should care

Users, administrators, and support teams responsible for the Dario Health Android application and the associated system should pay attention, especially anyone handling app deployment, device hardening, or log-based incident response.

Technical summary

The supplied CISA CSAF advisory (ICSMA-25-058-01) identifies an unauthenticated issue in the Dario Health Android application. The advisory states that the flaw can affect log collection/metrics and incident-response activities and may present a log injection risk. The provided CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. In the source rating this describes an issue that is reachable over the network, requires no privileges and no user interaction, and has a low integrity impact with no confidentiality or availability impact.

Defensive priority

Medium. Prioritize the vendor update promptly because the issue is unauthenticated and network-reachable in the source CVSS vector, even though it is not listed as a CISA KEV item.

Recommended defensive actions

  • Update the Dario Health Android mobile application to the latest version from a trusted source.
  • Verify that app installs and updates come only from trusted sources.
  • Avoid using rooted or jailbroken devices with the application.
  • Avoid public or otherwise untrusted networks when using the application.
  • If you need additional guidance, contact Dario Health through its official contact channel.

Evidence notes

Primary evidence comes from the supplied CISA CSAF source item for ICSMA-25-058-01, which includes the product name, the advisory description, the CVSS v3.1 vector and score, publication timing, and the vendor mitigation guidance. Official reference links in the corpus also include the CVE record and the CISA advisory landing page. No exploit code, proof-of-concept details, or affected-version list beyond the supplied advisory metadata were used.

Official resources

Publicly disclosed by CISA in ICS Medical Advisory ICSMA-25-058-01 on 2025-02-27T07:00:00.000Z.