U.S. authorities are warning of a backdoor and data breach in two types of patient monitors used in hospitals, among other places. At issue are China's Contec CMS8000 and Epsimed MN-120 patient monitors.
The first security vulnerability, CVE-2025-0626, involves a backdoor: "The reverse backdoor provides automatic connectivity from Contec CMS8000 devices for a hard-coded IP address, allowing the device to execute unverified remote files. Public records show that the IP address is not linked to a medical device manufacturer or medical institution, but a third-party university," the U.S. CISA said. CISA did not say which university is involved. American tech news website Bleeping Computer reports that the IP address in question is linked to a Chinese university.
The other vulnerability, CVE-2025-0683, occurs during startup: the monitors send patient information to the same IP address used by the backdoor. If the network interface is disabled, a routine in the patient monitor activates it and the data is still sent. CISA reports that the backdoor is still present even after installing a firmware update from Contec.
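Because the address is hard-coded, every affected monitor on a network contacts the same unapproved destination, which is visible in flow logs. The following is an added detection example, not code from CISA or the article; the monitor subnet, the approved central-station address, the log format and all sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): the patient-monitor VLAN and its only approved peer.
MONITOR_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_DSTS = [ipaddress.ip_network("10.20.40.5/32")]  # hypothetical central station

# Constructed flow records: epoch_seconds src dst dst_port bytes_out
# External addresses come from documentation ranges; ports are arbitrary.
SAMPLE_FLOWS = """\
1700000000 10.20.30.11 10.20.40.5 6000 1840
1700000004 10.20.30.11 203.0.113.77 8080 9120
1700000300 10.20.30.12 203.0.113.77 8080 8876
1700000310 10.20.30.12 10.20.40.5 6000 2010
1700000900 10.20.30.13 198.51.100.9 8081 76
1700001200 10.20.50.8 203.0.113.77 8080 500
"""

def parse_flows(text):
    """Yield (ts, src, dst, port, bytes_out) tuples, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, src, dst, port, nbytes = fields
        yield (int(ts), ipaddress.ip_address(src),
               ipaddress.ip_address(dst), int(port), int(nbytes))

def unapproved_destinations(text):
    """Map each off-allowlist destination to the monitors that sent to it and the bytes sent."""
    hits = defaultdict(lambda: {"monitors": set(), "bytes_out": 0})
    for _ts, src, dst, _port, nbytes in parse_flows(text):
        if src not in MONITOR_NET:
            continue  # only traffic originating from patient monitors
        if any(dst in net for net in ALLOWED_DSTS):
            continue  # approved clinical traffic
        hits[str(dst)]["monitors"].add(str(src))
        hits[str(dst)]["bytes_out"] += nbytes
    return dict(hits)

def shared_destinations(text, min_monitors=2):
    """Destinations reached by several monitors: the pattern a hard-coded address produces."""
    return {dst: hit for dst, hit in unapproved_destinations(text).items()
            if len(hit["monitors"]) >= min_monitors}

if __name__ == "__main__":
    for dst, hit in shared_destinations(SAMPLE_FLOWS).items():
        print(dst, sorted(hit["monitors"]), hit["bytes_out"])
```

The allowlist is checked explicitly rather than testing for "public" addresses, so a monitor talking to any unexpected internal host is reported as well.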