Search
Find a vulnerability
Search criteria
2 vulnerabilities found for navify Monitoring by Roche Diagnostics
CVE-2025-7674 (GCVE-0-2025-7674)
Vulnerability from nvd – Published: 2025-08-05 16:53 – Updated: 2025-08-05 20:32
VLAI
EPSS
VEX
Title
navify Monitoring API input validation
Summary
Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity.
This issue affects navify Monitoring before 1.08.00.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://preview-owp.roche.com/content/dam/diagnos… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Roche Diagnostics | navify Monitoring |
Affected:
0 , < 1.08.00
(custom)
|
Date Public
2025-07-17 19:25
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T20:32:26.480959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T20:32:32.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "navify Monitoring",
"vendor": "Roche Diagnostics",
"versions": [
{
"lessThan": "1.08.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-17T19:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server\u0027s performance. This vulnerability has no impact on data confidentiality or integrity.\u003cbr\u003e\u003cp\u003eThis issue affects navify Monitoring before 1.08.00.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server\u0027s performance. This vulnerability has no impact on data confidentiality or integrity.\nThis issue affects navify Monitoring before 1.08.00."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:53:05.316Z",
"orgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"shortName": "Roche"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://preview-owp.roche.com/content/dam/diagnostics/Blueprint/en/pdf/navify%20Monitoring%20-%20API%20Input%20Validation%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "navify Monitoring API input validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"assignerShortName": "Roche",
"cveId": "CVE-2025-7674",
"datePublished": "2025-08-05T16:53:05.316Z",
"dateReserved": "2025-07-15T11:09:36.967Z",
"dateUpdated": "2025-08-05T20:32:32.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7674 (GCVE-0-2025-7674)
Vulnerability from cvelistv5 – Published: 2025-08-05 16:53 – Updated: 2025-08-05 20:32
VLAI
EPSS
VEX
Title
navify Monitoring API input validation
Summary
Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server's performance. This vulnerability has no impact on data confidentiality or integrity.
This issue affects navify Monitoring before 1.08.00.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://preview-owp.roche.com/content/dam/diagnos… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Roche Diagnostics | navify Monitoring |
Affected:
0 , < 1.08.00
(custom)
|
Date Public
2025-07-17 19:25
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T20:32:26.480959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T20:32:32.486Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "navify Monitoring",
"vendor": "Roche Diagnostics",
"versions": [
{
"lessThan": "1.08.00",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-17T19:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server\u0027s performance. This vulnerability has no impact on data confidentiality or integrity.\u003cbr\u003e\u003cp\u003eThis issue affects navify Monitoring before 1.08.00.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively impacting the server\u0027s performance. This vulnerability has no impact on data confidentiality or integrity.\nThis issue affects navify Monitoring before 1.08.00."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T16:53:05.316Z",
"orgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"shortName": "Roche"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://preview-owp.roche.com/content/dam/diagnostics/Blueprint/en/pdf/navify%20Monitoring%20-%20API%20Input%20Validation%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "navify Monitoring API input validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"assignerShortName": "Roche",
"cveId": "CVE-2025-7674",
"datePublished": "2025-08-05T16:53:05.316Z",
"dateReserved": "2025-07-15T11:09:36.967Z",
"dateUpdated": "2025-08-05T20:32:32.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}