MEDIUM
ZOLL
CVE published 2026-02-10
CVE-2025-12699
CVE-2025-12699 is a client-side injection issue in the ZOLL ePCR iOS Mobile Application 2.6.7. In CISA's 2026-02-10 advisory, attacker-controlled text entered into PCR fields such as run number, incident, call sign, and notes can be rendered in a WebView without proper sanitization and interpreted as HTML/JavaScript. The advisory's proof of concept shows injected script returning local file content, which [truncated]