ZOLL ePCR IOS Mobile Application

Summary

A vulnerability exists in ZOLL ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699) that could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The application reflects unsanitized user input into a WebView, allowing for arbitrary local file reads from the app's runtime context. The ZOLL ePCR IOS application was decommissioned in May 2025, and ZOLL has no current plans to provide a replacement application.

IFF Assessment

FOE

The vulnerability allows attackers to access sensitive information.

Severity

5.5 Medium

Defender Context

This vulnerability highlights the risks associated with unsanitized user input in mobile applications and the potential for accessing sensitive data through local file reads. Defenders should be aware of similar vulnerabilities in other mobile applications, especially those dealing with PHI. While the application is decommissioned, any residual data or systems that relied on it should be carefully monitored and secured.
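The vulnerability class described in the Summary (user input reflected unsanitized into a WebView), shown from the defensive side. This is an added example, not ZOLL's code and not code from the advisory. The `note` field, the function names and the template are hypothetical, and the example assumes the view only needs to display text in a `WKWebView`.

```swift
import Foundation
import WebKit

// Escape the HTML-significant characters so user text is rendered as text, never parsed as markup.
func htmlEscaped(_ text: String) -> String {
    var out = ""
    for ch in text {
        switch ch {
        case "&": out += "&amp;"
        case "<": out += "&lt;"
        case ">": out += "&gt;"
        case "\"": out += "&quot;"
        case "'": out += "&#39;"
        default: out.append(ch)
        }
    }
    return out
}

// Build a web view for displaying untrusted text; page content needs no script, so turn it off.
@MainActor
func makeDisplayWebView() -> WKWebView {
    let config = WKWebViewConfiguration()
    if #available(iOS 14.0, *) {
        config.defaultWebpagePreferences.allowsContentJavaScript = false
    } else {
        config.preferences.javaScriptEnabled = false
    }
    return WKWebView(frame: .zero, configuration: config)
}

// Render a user-supplied field (hypothetical `note`) inside a fixed template.
@MainActor
func render(note: String, in webView: WKWebView) {
    let html = """
    <!doctype html>
    <meta charset="utf-8">
    <meta http-equiv="Content-Security-Policy" content="default-src 'none'">
    <p>\(htmlEscaped(note))</p>
    """
    // Weak pattern to avoid: interpolating `note` unescaped and passing a file:// baseURL
    // (for example the app bundle or Documents directory) to loadHTMLString.
    // Passing nil keeps the document from being given a file:// base URL.
    webView.loadHTMLString(html, baseURL: nil)
}
```

The three controls are independent layers: escaping stops the input from becoming markup, disabling content JavaScript and the CSP limit what any markup that slips through can do, and the `nil` base URL keeps the document away from local file paths.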
