PatchSiren cyber security CVE debrief
CVE-2025-59668 NIHON KOHDEN CVE debrief
CVE-2025-59668 affects NIHON KOHDEN Central Monitor CNS-6201 and can be triggered by a specially crafted UDP packet when the service is reachable on the network. The result is a NULL pointer dereference in the receiving process, which terminates abnormally and creates a denial-of-service condition. Because the issue is unauthenticated and network-reachable, defenders should treat exposed CNS-6201 deployments as high priority for segmentation, traffic restriction, and migration planning.
- Vendor
- NIHON KOHDEN
- Product
- Central Monitor CNS-6201
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-10-23
- Original CVE updated
- 2025-10-23
- Advisory published
- 2025-10-23
- Advisory updated
- 2025-10-23
Who should care
Hospitals and healthcare operators using NIHON KOHDEN CNS-6201, especially biomedical engineering teams, network administrators, OT/medical device security staff, and incident responders responsible for monitoring network-reachable clinical systems.
Technical summary
The advisory describes a NULL pointer dereference in the CNS-6201 receiving process. An attacker who can reach the UDP service may send a specially crafted packet to crash the process, causing service interruption. No authentication is required. The vendor notes the affected versions are no longer supported, and recommends migration to successor products.
Defensive priority
High. The vulnerability is network-reachable, requires no authentication, and impacts availability. Although the impact is denial of service rather than code execution, unsupported product status and potential exposure on a reachable UDP service make segmentation and replacement urgent.
Recommended defensive actions
- Migrate away from CNS-6201 to supported successor products as recommended by NIHON KOHDEN.
- Isolate affected devices from the Internet and from untrusted systems.
- Place a firewall or router between the monitored network and other networks, and allow only the minimum necessary communications.
- Monitor and log network traffic attempting to reach the affected products, especially UDP traffic.
- Use redundant monitoring paths such as a bedside monitor or medical telemetry system to reduce operational impact if CNS-6201 becomes unavailable.
- Follow the NIHON KOHDEN product security portal and the CISA ICS recommended practices for additional defensive guidance.
Evidence notes
CISA’s CSAF advisory ICSMA-25-296-01 and the CVE description both state that a specially crafted UDP packet can cause a NULL pointer dereference and crash the receiving process. The advisory also states the affected versions are unsupported, with U.S. maintenance ending in September 2024. The CVE was published and modified on 2025-10-23, and no KEV entry is indicated in the supplied enrichment data.
Official resources
-
CVE-2025-59668 CVE record
CVE.org
-
CVE-2025-59668 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CVE-2025-59668 was publicly disclosed by CISA in ICSMA-25-296-01 on 2025-10-23. The supplied record identifies NIHON KOHDEN Central Monitor CNS-6201 as the affected product and indicates the issue is a network-reachable, unauthenticated DoS