CVE-2025-54304
BaseFortify

Publication date: 2025-12-04

Last updated on: 2025-12-16

Assigner: MITRE

Description
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-12-04
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs

Vendor        Product                             Version / Range
thermofisher  ion_torrent_onetouch_2_firmware     *
thermofisher  ion_torrent_onetouch_2              *
thermofisher  ion_torrent_onetouch_2_firmware     *
CWE
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices where an X11 display server starts on power-up and listens on all network interfaces via port 6000. By default, the server allows connections only from specific IP addresses (127.0.0.1 and 192.168.2.15). However, if the device is connected to a network with DHCP and does not receive the expected IP address, the display server becomes accessible to other devices on the network. This exposure allows attackers to gain root privileges and execute code remotely by interacting with the matchbox-desktop environment and spawning a terminal.


How can this vulnerability impact me?

If exploited, this vulnerability can allow an attacker on the same network to gain root privileges on the affected device and execute arbitrary code remotely. This could lead to full control over the device, potentially compromising sensitive data, disrupting device operation, or using the device as a foothold for further attacks within the network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if the Thermo Fisher Ion Torrent OneTouch 2 INS1005527 device is running an X11 display server listening on port 6000 on all network interfaces. For example, use the command 'netstat -an | grep 6000' or 'ss -tuln | grep 6000' on the device to see if port 6000 is open and listening. Additionally, verify the IP address assigned to the device to see if it differs from 192.168.2.15, which may indicate exposure to other network devices.
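
As an added defender-side check (not from this page, and not Thermo Fisher's own tooling), the POSIX shell script below combines the two detection steps from the answer above: it parses `ss -tuln` output for a port-6000 listener bound to all interfaces, then compares the device's address with the default X11 ACL entry 192.168.2.15. The `ss` output sample and the device IP are constructed.

```shell
#!/bin/sh
# Added example for CVE-2025-54304 (not from the BaseFortify page or the vendor):
# flag an X11 display server on port 6000 that is reachable beyond loopback while
# the device does not hold the address its default ACL permits.

# Constructed sample of `ss -tuln` output as it might look on an affected device.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:6000      0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631       0.0.0.0:*'

# x11_listener_scope <ss output>: prints "all" if TCP port 6000 is bound to
# every interface, "loopback" if only to 127.0.0.1/[::1], "none" if unbound.
x11_listener_scope() {
    printf '%s\n' "$1" | awk '
        $2 == "LISTEN" && $5 ~ /:6000$/ {
            addr = $5; sub(/:6000$/, "", addr)
            if (addr == "127.0.0.1" || addr == "[::1]") loopback = 1
            else all = 1   # 0.0.0.0, *, [::] or a specific interface address
        }
        END {
            if (all) print "all"; else if (loopback) print "loopback"; else print "none"
        }'
}

# x11_acl_exposed <scope> <device ip>: succeeds (exit 0) when the display is
# bound beyond loopback and the device address is not the ACL-whitelisted
# 192.168.2.15, i.e. the DHCP scenario described in the advisory.
x11_acl_exposed() {
    [ "$1" = "all" ] && [ "$2" != "192.168.2.15" ]
}

# On a live device replace the constructed values with:
#   scope=$(x11_listener_scope "$(ss -tuln)") and the address from `ip -4 addr`.
scope=$(x11_listener_scope "$SAMPLE_SS")
device_ip="192.168.1.50"   # constructed: a DHCP lease, not the ACL entry
if x11_acl_exposed "$scope" "$device_ip"; then
    echo "EXPOSED: X11 on port 6000 bound to all interfaces; $device_ip is not in the default ACL"
else
    echo "OK: X11 listener scope=$scope, device IP $device_ip"
fi
```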


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting network access to the X11 display server by configuring firewall rules to block incoming connections on port 6000 from unauthorized IP addresses. Ensure the device is assigned the expected IP address (192.168.2.15) or isolate it on a trusted network segment. Since the product is no longer supported, consider disconnecting the device from untrusted networks or replacing it with a supported alternative.

