CVE-2025-54808
BaseFortify
Publication date: 2025-10-23
Last updated on: 2025-10-27
Assigner: ICS-CERT
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oxford_nanopore_technologies | minknow | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Oxford Nanopore Technologies' MinKNOW software versions at or prior to 24.11. The software stores authentication tokens in a file located in the system's temporary directory (/tmp), which is typically world-readable. This means any local user or application can access the token. If the token is leaked, for example through malware or other local exploits, and if remote access is enabled, an attacker can use the token to establish unauthorized remote connections to the sequencer. Remote access must be enabled either by the user or by malware with elevated privileges. Exploiting this vulnerability can allow an attacker to generate developer tokens with arbitrary expiration dates, enabling persistent access and bypassing standard authentication mechanisms. [3]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized remote access to the sequencing device, allowing attackers to bypass authentication controls. This can result in persistent unauthorized access, data exfiltration, manipulation of sequencing operations, and potential disruption of sequencing activities. If exploited, it may also allow attackers to generate developer tokens with arbitrary expiration dates, maintaining long-term access to the device. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve checking for the presence of authentication token files stored in the system's temporary directory (/tmp) that are world-readable. You can use commands like `ls -l /tmp` to look for suspicious files related to MinKNOW tokens. Additionally, verify if remote access is enabled on the sequencer, as remote access must be enabled for exploitation. Commands to check active remote connections or listening services (e.g., `netstat -tuln` or `ss -tuln`) may help identify if remote access is enabled. Monitoring for unusual token files or unexpected remote access services can indicate vulnerability presence. [3]
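As an added illustration of the CWE-522 condition described above (not code from BaseFortify or Oxford Nanopore), the following Python reproduces the weak pattern of a token dropped into a shared temp directory with default permissions, shows a hardened write (private directory, owner-only mode, exclusive create), and provides an audit function a defender can run over `/tmp`. It assumes a POSIX host; the file name `minknow_token_placeholder.json` and the token value are constructed placeholders, since the advisory does not name the real file.

```python
import os
import stat
import tempfile
from pathlib import Path

def world_readable(path):
    """True if the 'others' read bit is set, i.e. any local user can read the file."""
    return bool(Path(path).stat().st_mode & stat.S_IROTH)

def audit_temp_dir(directory, name_hint="token"):
    """Return regular files in `directory` whose name mentions `name_hint`
    and that are readable by every local user (the exposure behind CWE-522)."""
    findings = []
    for entry in Path(directory).iterdir():
        if entry.is_file() and name_hint in entry.name.lower() and world_readable(entry):
            findings.append(str(entry))
    return sorted(findings)

def write_token_insecure(directory, token):
    # Weak pattern: credential written into a shared temp dir with the usual
    # default 0644 mode, so every local account (and any malware) can read it.
    path = Path(directory) / "minknow_token_placeholder.json"  # hypothetical name
    path.write_text(token)
    os.chmod(path, 0o644)
    return str(path)

def write_token_secure(directory, token):
    # Hardened pattern: owner-only parent directory, then O_EXCL create with
    # mode 0600, so there is no window in which another user can read or
    # pre-create the file. mkdir's mode is umask-dependent, so chmod enforces it.
    private_dir = Path(directory) / "minknow_private"
    private_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(private_dir, 0o700)
    path = private_dir / "token.json"
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
    os.chmod(path, 0o600)
    return str(path)

def demo():
    """Write one token each way into a fresh temp dir and audit it."""
    base = tempfile.mkdtemp(prefix="cve_2025_54808_demo_")
    insecure = write_token_insecure(base, "constructed-token-value")
    secure = write_token_secure(base, "constructed-token-value")
    return {
        "insecure_world_readable": world_readable(insecure),
        "secure_world_readable": world_readable(secure),
        "flagged": audit_temp_dir(base),
    }
```

Pointing `audit_temp_dir("/tmp")` at a real host lists world-readable files whose names mention a token, which is the manual `ls -l /tmp` check from the answer above turned into something repeatable.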
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading MinKNOW software to versions later than 24.11. If upgrading is not immediately possible, disable Remote Connect unless it is strictly necessary and only enable it within trusted networks. Maintain antivirus and malware protection to reduce the risk of local exploits. Additionally, minimize network exposure of the sequencer by isolating it behind firewalls and using secure remote access methods such as VPNs. Perform impact analysis and risk assessments before deploying defenses and follow recommended cybersecurity best practices for industrial control systems. [3]