PatchSiren cyber security CVE debrief
CVE-2024-35585 Oxford Nanopore Technologies CVE debrief
CVE-2024-35585 affects Oxford Nanopore Technologies MinKNOW and was published by CISA on 2025-10-21 as ICSMA-25-294-01. The advisory says remote access is enabled by default and authentication relies on the host computer’s IP address. An attacker on the same network can discover the IP address, for example through port scanning, and access the sequencer by using a legitimate or temporary Oxford Nanopore account. Once connected, the attacker may observe sequencing activity, pause or stop data collection, and redirect output data to another location.
- Vendor: Oxford Nanopore Technologies
- Product: MinKNOW
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-10-21
- Original CVE updated: 2025-10-21
- Advisory published: 2025-10-21
- Advisory updated: 2025-10-21
Who should care
Laboratories, research teams, and operational staff using MinKNOW on sequencing systems should treat this as a high-priority exposure, especially where the sequencer is reachable from shared or untrusted networks. Network and endpoint defenders supporting these environments should also review configuration, segmentation, and account access controls.
Technical summary
The advisory describes a default-enabled remote access condition in MinKNOW where access control is tied to the IP address of the host computer rather than stronger authentication controls. Because the service is reachable over the network, an attacker on the same network can identify the host address and then connect using a legitimate or temporary Oxford Nanopore account. The stated impact includes surveillance of sequencing activity, interruption of data collection, and redirection of output data. The source assigns the CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, which decodes to a network attack vector, low attack complexity, no privileges or user interaction required, high confidentiality impact, and low integrity and availability impact.
Defensive priority
High — the issue is network-reachable, enabled by default, and can directly affect sequencing operations and data handling.
Recommended defensive actions
- Upgrade MinKNOW to a version later than 24.11, which the vendor says eliminates the vulnerabilities described in the advisory.
- If an immediate upgrade is not possible, keep Remote Connect disabled unless it is strictly required.
- Only enable Remote Connect within trusted network environments.
- For systems that cannot be upgraded right away, contact Oxford Nanopore Support for guidance on securing the configuration.
- Maintain antivirus and malware-scanning tools on endpoints to help reduce denial-of-service conditions associated with local exploitation or malware.
- Review network exposure and restrict access to sequencing systems so they are not reachable from broader shared networks.
Evidence notes
This debrief is based on the CISA CSAF advisory for Oxford Nanopore Technologies MinKNOW (ICSMA-25-294-01), which states that remote access is enabled by default, authentication depends on the host IP address, and same-network attackers may gain access by using a legitimate or temporary Oxford Nanopore account. The advisory also states the operational impacts: observing sequencing activity, pausing or stopping data collection, and redirecting output data. Vendor remediation guidance in the source calls for upgrading beyond MinKNOW 24.11 and disabling Remote Connect unless needed.
Official resources
- CVE-2024-35585 CVE record (CVE.org)
- CVE-2024-35585 NVD detail (NVD)
- Source item URL (cisa_csaf)
CVE published and advisory initially published on 2025-10-21; no KEV listing is indicated in the supplied source data.