CVE-2025-10937
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oxford_nanopore_technologies | mindknow | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Oxford Nanopore Technologies' MinKNOW software (version 24.11 or earlier), where a temporary file storing the local authentication token is created in a directory accessible to all users. An unauthorized local user or process can place a file lock on this temporary token file using the flock system call, preventing MinKNOW from completing the token generation. As a result, no valid local token is created, causing the software to be unable to execute commands on the sequencer and leading to a denial-of-service (DoS) condition that blocks sequencing operations.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial-of-service (DoS) condition on the MinKNOW software, which prevents it from executing commands on the sequencer. This means sequencing operations can be blocked, potentially disrupting workflows that depend on the sequencer's functionality.