{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14346", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2025-12-09T14:54:28.374Z", "datePublished": "2026-01-05T15:39:19.710Z", "dateUpdated": "2026-01-05T21:20:30.650Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Model C2 Electric Wheelchair", "vendor": "WHILL", "versions": [{"status": "affected", "version": "all"}]}, {"defaultStatus": "unaffected", "product": "Model F Power Chair", "vendor": "WHILL", "versions": [{"status": "affected", "version": "all"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Billy Rios of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Jesse Young of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Brandon Rothel of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Jonathan Butts of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Henri Hein of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Justin Boling of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Nick Kulesza of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Ken Natividad of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Carl Schuett of the Exploit Development Team - QED Secure Solutions"}], "datePublic": "2025-12-29T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.</span>"}], "value": "WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-01-05T15:39:19.710Z"}, "references": [{"tags": ["government-resource"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01"}], "source": {"advisory": "ICSMA-25-364-01", "discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "WHILL has deployed the following fixes on December 29th, 2025: <br><br>Device-Side Speed Profile Protection:<br>* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. <br><br>Unlock Command Restriction During Motion:<br>* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. <br><br>Application JSON File Obfuscation:<br>* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms.<br>"}], "value": "WHILL has deployed the following fixes on December 29th, 2025: \n\nDevice-Side Speed Profile Protection:\n* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. \n\nUnlock Command Restriction During Motion:\n* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. \n\nApplication JSON File Obfuscation:\n* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-05T21:20:21.128157Z", "id": "CVE-2025-14346", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T21:20:30.650Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14346", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-05T21:20:21.128157Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T21:20:27.327Z"}}], "cna": {"source": {"advisory": "ICSMA-25-364-01", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Billy Rios of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Jesse Young of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Brandon Rothel of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Jonathan Butts of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Henri Hein of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Justin Boling of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Nick Kulesza of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Ken Natividad of the Exploit Development Team - QED Secure Solutions"}, {"lang": "en", "type": "finder", "value": "Carl Schuett of the Exploit Development Team - QED Secure Solutions"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WHILL", "product": "Model C2 Electric Wheelchair", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "unaffected"}, {"vendor": "WHILL", "product": "Model F Power Chair", "versions": [{"status": "affected", "version": "all"}], "defaultStatus": "unaffected"}], "datePublic": "2025-12-29T17:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01", "tags": ["government-resource"]}], "workarounds": [{"lang": "en", "value": "WHILL has deployed the following fixes on December 29th, 2025: \n\nDevice-Side Speed Profile Protection:\n* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. \n\nUnlock Command Restriction During Motion:\n* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. \n\nApplication JSON File Obfuscation:\n* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms.", "supportingMedia": [{"type": "text/html", "value": "WHILL has deployed the following fixes on December 29th, 2025: <br><br>Device-Side Speed Profile Protection:<br>* Implemented a safeguard in the wheelchair firmware to prevent unauthorized modification of speed profiles from the mobile application. <br><br>Unlock Command Restriction During Motion:<br>* Block unlock commands issued from either the mobile app or the smart key while the wheelchair is in motion. <br><br>Application JSON File Obfuscation:<br>* Obfuscate the configuration files used by the mobile application by converting JSON files into a binary format on both Android and iOS platforms.<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-01-05T15:39:19.710Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14346", "state": "PUBLISHED", "dateUpdated": "2026-01-05T21:20:30.650Z", "dateReserved": "2025-12-09T14:54:28.374Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2026-01-05T15:39:19.710Z", "assignerShortName": "icscert"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction."}], "id": "CVE-2025-14346", "lastModified": "2026-01-05T16:15:41.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2026-01-05T16:15:41.843", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}

{}

{}