Please find our Security Advisories here

Security Advisories

Windows Common Log File System (CLFS) Advisories (CVE-2025-32706 and CVE-2025-30397) (2025 May 20)

Publication Date: 2025 May 20

Update Date: 2025 May 20

Philips is currently monitoring developments and updates related to recently released vulnerabilities (CVE-2025-32706 and CVE-2025-30397) within the Microsoft Common Log File System (CLFS). These vulnerabilities allow threat actors to elevate privileges and execute code over a network, if successfully exploited. Both vulnerabilities are under active exploitation.

Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

Philips is providing the list below to assist our customers in identifying any Philips’ products that could be impacted by this vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

860343 - ST80i¹

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹ Software only products with customer owned Operating Systems. Customers are responsible for applying applicable mitigations.

SAP NetWeaver Advisory (CVE-2025-31324) (2025 May 01)

Publication Date: 2025 May 1

Update Date: 2025 May 1

Philips is currently monitoring developments and updates related to a critical vulnerability in SAP NetWeaver (CVE-2025-31324). This is an unrestricted file upload vulnerability, allowing attackers to upload malicious files directly to the system without authorization.

At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.

Apple Airplay Advisory (Multiple CVE's) (2025 April 24)

Publication Date: 2025 April 24

Update Date: 2025 April 24

Philips is currently monitoring developments and updates related to multiple vulnerabilities (CVE-2025-24129, CVE-2025-24126, CVE-2025-24131, CVE-2025-24177, CVE-2025-24137) that affect several Apple products. These vulnerabilities impact Airplay, Apple’s proprietary protocol for wireless communication between compatible devices.

Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.

Google Chrome Advisory (CVE-2025-3619 & CVE-2025-3620) (2025 April 21)

Publication Date: 2025 April 21

Update Date: 2025 April 21

Philips is currently monitoring developments and updates related to two Google Chrome vulnerabilities that could expose users’ data (CVE-2025-3619 and CVE-2025-3620). If exploited, they may allow malicious actors to bypass Chrome’s security mechanisms, gain foothold over affected devices, and extract confidential information ranging from login credentials to financial data. Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel for Windows and macOS, and 135.0.7049.95 for Linux. The rollout is underway and will reach users over the coming days and weeks.

Windows Common Log File System (CLFS) Advisory (CVE-2025-29824) (2025 April 16)

Publication Date: 2025 April 16

Update Date: 2025 April 17

Philips is currently monitoring developments and updates related to a recently released 0-day vulnerability (CVE-2025-29824) within the Windows Common Log File System. This vulnerability can allow a remote attacker to run arbitrary code on a victim machine.

Microsoft has confirmed that this vulnerability has been actively exploited in the wild and has released a patch as part of their April security update.

881120 - Advanced Visualization Workspace 15 ¹	866131/866458/867061 - IntelliSpace Perinatal ¹	866009 - IntelliVue Guardian Software ¹
989706010001 - IntelliSpace Corsium ²	867019 - IntelliVue XDS¹	860343 - ST80i ¹
860443 - ECI Event and Device Readiness ²	881030 - IntelliSpace Portal 11/12¹

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹Software only products with customer owned Operating Systems. Customers are responsible for applying applicable mitigations.

² Philips hosting and managed services businesses are in the process of evaluating and validating patches to the hosting and managed infrastructures.

Philips IntelliSpace Portal & Advanced Visualization Workspace Advisory (2025 April 10)

Publication Date: 2025 April 10

Update Date: 2025 April 10

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential vulnerabilities related to Philips IntelliSpace Portal 12(All versions) & Advanced Visualization Workspace (Version 15).

Under specific conditions, the potential security vulnerabilities identified by an external security researcher and validated by Philips could allow an attacker to compromise the confidentiality of internal server files as well as the host via unauthenticated remote code execution.

To date, Philips has not received any reports of patient harm, exploitation of these issues or incidents from clinical use that we have been able to associate with these issues.

Philips recommends the following mitigations:

• Mitigations for CVE-2025-3424 and CVE-2025-3425, are available in IntelliSpace Portal (ISP)12.1.10 and above. Please contact your local field service engineer (FSE) to enable remote secure communication.

• Mitigation for CVE-2025-3426 default hardcoded credentials

o Perform below steps:

• Login to PMT

• Reset password of Admin and service user

Note:

Some Windows operating systems may not be compatible with your current ISP \ AVW release. Prior to executing this change, advise with your local field service engineer with regards to supported Operating System versions per each ISP \AVW release (mentioned in the installation manuals).

Philips has reported this vulnerability publicly and to the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which will be issuing an advisory soon.

CrushFTP Advisory (CVE-2025-31161) (2025 April 7)

Publication Date: 2025 April 7

Update Date: 2025 April 7

Philips is currently monitoring developments and updates related to a critical authentication bypass vulnerability (CVE-2025-31161) that affects CrushFTP, a multi-protocol and multi-platform file transfer server. This vulnerability allows unauthenticated remote threat actors to access unpatched servers if they are publicly exposed over HTTP or HTTPS.

Vercel Next.js Advisory (CVE-2025-29927) (2025 April 4)

Publication Date: 2025 April 4

Update Date: 2025 April 4

Philips is currently monitoring developments and updates related to a critical authorization bypass (CVE-2025-29927) that affects Next.js. This framework’s middleware handling flaw enables attackers to bypass authentication and authorization, exposing sensitive routes to unauthorized access. Exploiting this vulnerability does not require authentication, providing attackers with direct access to protected routes.

Google Chromium Advisory (CVE-2025-2783) (2025 April 3)

Publication Date: 2025 April 3

Update Date: 2025 April 3

Philips is currently monitoring developments and updates related to a critical 0-day vulnerability (CVE-2025-2783) that affects Google Chromium. Successful exploitation of this vulnerability could allow an attacker to bypass Google Chromium’s sandbox protection. This vulnerability could affect multiple browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge and Opera.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the Chromium vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

863381 - Device Management Dashboard A.02.01 ¹	860426 – IntelliSpace ECG Management System B.02.07 ¹	866389 - PIC ix ¹
860420 – Trace Master Vue 3.6 ¹

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹ Software only products with customer owned Operating Systems. Customers are responsible for applying applicable mitigations.

Oracle Health Data Breach Advisory (2025 April 1)

Publication Date: 2025 April 1

Update Date: 2025 April 1

Philips is currently monitoring developments and updates related to reports of a potential Oracle Health data breach. Oracle Health, formerly known as Cerner Corporation, is yet to release an official statement confirming these reports.

Kubernetes (IngressNightmare) Advisory (2025 March 27)

Publication Date: 2025 March 27

Update Date: 2025 April 10

Philips is currently monitoring developments and updates related to a recently released Kubernetes advisory that addresses four critical vulnerabilities (CVE-2025-1974, CVE-2025-24514, CVE-2025-1098, CVE-2025-1097). These vulnerabilities, collectively named “IngressNightmare”, affect the Ingress NGINX Controller for Kubernetes.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the Kubernetes vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

867113 - Focal Point v2.1 ¹

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹ Philips hosting and managed services businesses are in the process of evaluating and validating patches to the hosting and managed infrastructures. Note: This only impacts those who have cloud connected solutions.

Apache Tomcat Advisory (CVE-2025-24813) (2025 March 21)

Publication Date: 2025 March 21

Update Date: 2025 March 21

Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2025-24813) that was disclosed by Apache Software Foundation. This critical vulnerability, if exploited, could allow a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat.

Broadcom VMware Advisory (VMSA-2025-0004) (2025 March 21)

Publication Date: 2025 March 21

Update Date: 2025 March 21

Philips is currently monitoring developments and updates related to a recently released VMware advisory VMSA-2025-0004. The advisory addresses three critical vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) that affect multiple VMware products.

Philips IntelliSpace Cardiovascular (ISCV) (2025 March 13)

Publication Date: 2025 March 13

Update Date: 2025 March 13

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential vulnerabilities related to Philips IntelliSpace Cardiovascular (ISCV) versions 4.1 and prior and versions 5.1 and prior.

Under specific conditions, the potential security vulnerabilities identified by an external security researcher and validated by Philips could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records.

To date, Philips has not received any reports of patient harm, exploitation of these issues or incidents from clinical use that we have been able to associate with these issues.

Philips recommends the following mitigations:

CVE-2025-2229: Resolved in ISCV 4.2 build 20589, which was released in May 2019.
CVE-2025-2230: Resolved in ISCV 5.2, which was released in September 2020.
Philips recommends users upgrade ISCV installed base to the latest ISCV version (at the time of this publication is 830089 – IntelliSpace Cardiovacular 8.0.0.0)
Please contact a local Philips sales (service) representative to learn how to engage this upgrade process.
For managed services users, new releases will be made available upon resource availability. Releases are subject to country-specific regulations.

Philips has reported this vulnerability publicly and to the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which is issuing an advisory.

CISA website: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01

Philips DICOM viewer (2025 February 26)

Publication Date: 2025 February 26

Update Date: 2025 February 26

Philips is aware of security researcher reports that a known hacker group is distributing malware disguised as Philips medical imaging viewer software (also known as DICOM viewer) to unsuspecting users via unauthorized sites and methods, including phishing techniques.

Philips DICOM viewer that is provided by or downloaded from authorized Philips sources – as required – is not affected by this issue and continues to be safe for use. This reported malware campaign does not originate with Philips products or services. Philips DICOM viewer from legitimate sources has not been exploited, and this is not a security vulnerability with the product itself.

Customers with questions about this issue may contact the Philips Product Security team at: productsecurity@philips.com

JQuery Advisory (CVE-2020-11023) (2025 February 21)

Publication Date: 2025 February 21

Update Date: 2025 February 25

Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2020-11023) which was first disclosed by JQuery in 2020 and was recently included in CISA’s Known Exploited Vulnerabilities Catalogue.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the JQuery vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

867113 - Focal Point v2.1 & prior	839001 - Vue PACS 12.2 ²
866183 - IntelliBridge Enterprise (IBE 2.0, B.09, B.10, B.12) ¹	Vue Patient Center v1.0.25.0 (China Market Only)
866009 - IntelliVue Guardian Software E.00 & E.01	Vue RIS Web v2.1.28.0 (China Market Only)
867173 - VitalSky 2.4.0

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹ Product versions listed above have reached End of Life and End of Support. Philips recommends upgrading to the latest version of IntelliBridge Enterprise (IBE) to mitigate this vulnerability.

² Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.

Ivanti Endpoint Manager Advisory (Multiple CVE's) (2025 February 21)

Publication Date: 2025 February 21

Update Date: 2025 February 21

Philips is currently monitoring developments and updates related to multiple critical vulnerabilities discovered within Ivanti Endpoint Manager (EPM) CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. Ivanti has released updates for Ivanti Endpoint Manager (EPM) which addresses these critical vulnerabilities.

Veeam Advisory (CVE-2025-231104) (2025 February 14)

Publication Date: 2025 February 14

Update Date: 2025 February 14

Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2025-23114) disclosed by Veeam, a Backup and disaster recovery Software company. This critical vulnerability, if exploited, could allow an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on an affected appliance server with root-level permissions.

7-Zip Advisory (CVE-2024-11477 & CVE-2025-0411) (2025 January 28)

Publication Date: 2025 January 28

Update Date: 2025 January 29

Philips is currently monitoring developments and updates related to two vulnerabilities (CVE-2024-11477 and CVE-2025-0411) within 7-Zip, a widely used open-source file archiving software. These critical vulnerabilities, if exploited, could allow remote attackers to execute malicious code on a victim’s system.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by 7-Zip’s vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

866389/867141 – PICix¹

¹ Information or patch available on InCenter.

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.

Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

Any media inquiries should be directed to:

Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com