CVE-2025-54808 affects Oxford Nanopore Technologies MinKNOW version 24.11 and earlier. The advisory says MinKNOW stores authentication tokens in a file under the system temporary directory (/tmp), which is typically world-readable on the host. That can let another local user or application read the token. If the token is exposed and Remote Connect is enabled, an attacker can use it to establish unauthoriz [truncated]
MEDIUMOxford Nanopore TechnologiesCVE published 2025-10-21
CVE-2025-10937 is a local denial-of-service issue in Oxford Nanopore Technologies MinKNOW. On affected versions at or prior to 24.11, startup creates a temporary file for the local authentication token in a directory accessible to all users. A local user or process can place a flock lock on that temporary file, preventing token generation and stopping MinKNOW from executing commands on the sequencer. The [truncated]
HIGHOxford Nanopore TechnologiesCVE published 2025-10-21
CVE-2024-35585 affects Oxford Nanopore Technologies MinKNOW and was published by CISA on 2025-10-21 as ICSMA-25-294-01. The advisory says remote access is enabled by default and authentication relies on the host computer’s IP address. An attacker on the same network can discover the IP address, for example through port scanning, and access the sequencer by using a legitimate or temporary Oxford Nanopore a [truncated]
