PatchSiren


CVE-2025-54808 Oxford Nanopore Technologies CVE debrief

CVE-2025-54808 affects Oxford Nanopore Technologies MinKNOW version 24.11 and earlier. The advisory says MinKNOW stores authentication tokens in a file under the system temporary directory (/tmp), which is typically world-readable on the host. That can let another local user or application read the token. If the token is exposed and Remote Connect is enabled, an attacker can use it to establish unauthorized remote connections to the sequencer. The advisory also notes that this access can be chained to create developer tokens with arbitrary expiration dates, which can support persistent access. This is a local-to-remote risk: the initial exposure depends on local access or local malware, and remote abuse depends on Remote Connect being enabled. CISA published the issue as ICSMA-25-294-01 on 2025-10-21 with a CVSS 3.1 score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Vendor: Oxford Nanopore Technologies
Product: MinKNOW
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-10-21
Original CVE updated: 2025-10-21
Advisory published: 2025-10-21
Advisory updated: 2025-10-21

Who should care

Operators of MinKNOW-based sequencing systems, lab IT administrators, OT/ICS security teams, and endpoint defenders responsible for hosts running MinKNOW 24.11 or earlier—especially where multiple local users exist or Remote Connect is enabled.

Technical summary

CISA’s CSAF advisory states that MinKNOW at or prior to version 24.11 stores authentication tokens in /tmp on the host machine. Because /tmp is typically world-readable, local users or applications may be able to access the token. Successful remote misuse requires Remote Connect to be enabled; the advisory notes this may be enabled intentionally for operations or by malware with elevated privileges. The source rates the issue CVSS 3.1 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Defensive priority

High. Upgrade affected systems as soon as possible, and treat any MinKNOW 24.11-or-earlier host with Remote Connect enabled as urgent to review.

Recommended defensive actions

  • Upgrade to MinKNOW versions later than 24.11.
  • Keep Remote Connect disabled unless it is strictly required, and enable it only within trusted network environments.
  • Install and maintain antivirus and malware-scanning tools on affected hosts.
  • If you cannot upgrade immediately, contact Oxford Nanopore Support for configuration guidance.
  • Review MinKNOW hosts for unnecessary local access exposure and investigate any unexpected Remote Connect use or token handling issues.
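
One way to carry out the local-exposure review on a host is to list regular files under the temporary directory that group or other users can read. This is an added example, not code from the advisory or from Oxford Nanopore. The advisory does not name the token file, so the `owner_uid` and `name_hint` filters are hypothetical parameters and the sample files are constructed.

```python
import os
import stat
import tempfile


def find_exposed_files(root, owner_uid=None, name_hint=None):
    """Return (path, mode string, uid) for regular files under root that
    group or other users can read."""
    exposed = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks planted in /tmp
            except OSError:
                continue  # file vanished between listing and stat
            if not stat.S_ISREG(st.st_mode):
                continue
            # Optional filters (assumptions): account that runs the service,
            # and a substring of the file name if the site knows one.
            if owner_uid is not None and st.st_uid != owner_uid:
                continue
            if name_hint and name_hint.lower() not in name.lower():
                continue
            if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append((path, stat.filemode(st.st_mode), st.st_uid))
    return sorted(exposed)


def build_sample_tree():
    """Constructed sample input: one owner-only file, one world-readable file."""
    root = tempfile.mkdtemp(prefix="tmp-audit-demo-")
    for name, mode in (("private-token.json", 0o600),
                       ("exposed-token.json", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed-sample-not-a-real-token\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    import sys
    # Pass a directory such as /tmp; with no argument the constructed sample runs.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, mode, uid in find_exposed_files(target):
        print(f"{mode} uid={uid} {path}")
```

The check looks only at each file's own mode bits, so a file reported inside a directory that other users cannot traverse is not actually reachable by them; confirm the parent directory's permissions before treating a hit as an exposure.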

Evidence notes

The supplied CISA CSAF advisory (ICSMA-25-294-01) and source record were initially published on 2025-10-21, with the same modified date in the provided timeline. The advisory says MinKNOW at or prior to 24.11 stores authentication tokens in /tmp, that /tmp is typically world-readable, that remote misuse requires Remote Connect to be enabled, and that developer tokens can be created with arbitrary expiration dates. The provided CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Official resources

Publicly disclosed by CISA as ICSMA-25-294-01 on 2025-10-21; the provided source record shows the same initial publication date.