Publication Date: 2025 April 24
Update Date: 2025 April 24
Philips is currently monitoring developments and updates related to multiple vulnerabilities (CVE-2025-24129, CVE-2025-24126, CVE-2025-24131, CVE-2025-24177, CVE-2025-24137) that affect several Apple products. These vulnerabilities impact AirPlay, Apple’s proprietary protocol for wireless communication between compatible devices.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Publication Date: 2025 April 21
Update Date: 2025 April 21
Philips is currently monitoring developments and updates related to two Google Chrome vulnerabilities that could expose users’ data (CVE-2025-3619 and CVE-2025-3620). If exploited, they may allow malicious actors to bypass Chrome’s security mechanisms, gain a foothold on affected devices, and extract confidential information ranging from login credentials to financial data.
Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel for Windows and macOS, and 135.0.7049.95 for Linux. The rollout is underway and will reach users over the coming days and weeks.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Publication Date: 2025 April 16
Update Date: 2025 April 17
Philips is currently monitoring developments and updates related to a recently released 0-day vulnerability (CVE-2025-29824) within the Windows Common Log File System. This vulnerability can allow a remote attacker to run arbitrary code on a victim machine.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips is providing the list below to assist our customers in identifying any Philips’ products that could be impacted by this vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.
Microsoft has confirmed that this vulnerability has been actively exploited in the wild and has released a patch as part of their April security update.
881120 - Advanced Visualization Workspace 15 (see note 1)
866131/866458/867061 - IntelliSpace Perinatal (see note 1)
866009 - IntelliVue Guardian Software (see note 1)
989706010001 - IntelliSpace Corsium (see note 2)
867019 - IntelliVue XDS (see note 1)
860343 - ST80i (see note 1)
860443 - ECI Event and Device Readiness (see note 2)
881030 - IntelliSpace Portal 11/12 (see note 1)
For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:
1. Software only products with customer owned Operating Systems. Customers are responsible for applying applicable mitigations.
2. Philips hosting and managed services businesses are in the process of evaluating and validating patches to the hosting and managed infrastructures.
Publication Date: 2025 April 10
Update Date: 2025 April 10
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential vulnerabilities related to Philips IntelliSpace Portal 12 (All versions) & Advanced Visualization Workspace (Version 15).
Under specific conditions, the potential security vulnerabilities identified by an external security researcher and validated by Philips could allow an attacker to compromise the confidentiality of internal server files as well as the host via unauthenticated remote code execution.
Philips recommends the following mitigations:
• Mitigations for CVE-2025-3424 and CVE-2025-3425 are available in IntelliSpace Portal (ISP) 12.1.10 and above. Please contact your local field service engineer (FSE) to enable remote secure communication.
• Mitigation for CVE-2025-3426 (default hardcoded credentials):
  o Perform the steps below:
    • Log in to PMT
    • Reset the password of the Admin and service user
Note: Some Windows operating systems may not be compatible with your current ISP/AVW release. Prior to executing this change, consult your local field service engineer regarding the supported Operating System versions for each ISP/AVW release (mentioned in the installation manuals).
Philips has reported this vulnerability publicly and to the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which will be issuing an advisory soon.
To date, Philips has not received any reports of patient harm, exploitation of these issues or incidents from clinical use that we have been able to associate with these issues.
Publication Date: 2025 April 7
Update Date: 2025 April 7
Philips is currently monitoring developments and updates related to a critical authentication bypass vulnerability (CVE-2025-31161) that affects CrushFTP, a multi-protocol and multi-platform file transfer server. This vulnerability allows unauthenticated remote threat actors to access unpatched servers if they are publicly exposed over HTTP or HTTPS.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Publication Date: 2025 April 4
Update Date: 2025 April 4
Philips is currently monitoring developments and updates related to a critical authorization bypass (CVE-2025-29927) that affects Next.js. This framework’s middleware handling flaw enables attackers to bypass authentication and authorization, exposing sensitive routes to unauthorized access. Exploiting this vulnerability does not require authentication, providing attackers with direct access to protected routes.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Publication Date: 2025 April 3
Update Date: 2025 April 3
Philips is currently monitoring developments and updates related to a critical 0-day vulnerability (CVE-2025-2783) that affects Google Chromium. Successful exploitation of this vulnerability could allow an attacker to bypass Google Chromium’s sandbox protection. This vulnerability could affect multiple browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge and Opera.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the Chromium vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.
863381 - Device Management Dashboard A.02.01 (see note 1)
860426 - IntelliSpace ECG Management System B.02.07 (see note 1)
866389 - PIC iX (see note 1)
860420 - Trace Master Vue 3.6 (see note 1)
For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:
1. Software only products with customer owned Operating Systems. Customers are responsible for applying applicable mitigations.
Publication Date: 2025 April 1
Update Date: 2025 April 1
Philips is currently monitoring developments and updates related to reports of a potential Oracle Health data breach. Oracle Health, formerly known as Cerner Corporation, is yet to release an official statement confirming these reports.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Publication Date: 2025 March 27
Update Date: 2025 April 10
Philips is currently monitoring developments and updates related to a recently released Kubernetes advisory that addresses four critical vulnerabilities (CVE-2025-1974, CVE-2025-24514, CVE-2025-1098, CVE-2025-1097). These vulnerabilities, collectively named “IngressNightmare”, affect the Ingress NGINX Controller for Kubernetes.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the Kubernetes vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.
867113 - Focal Point v2.1 (see note 1)
For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:
1. Philips hosting and managed services businesses are in the process of evaluating and validating patches to the hosting and managed infrastructures.
Note: This only impacts those who have cloud connected solutions.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 March 21
Update Date: 2025 March 21
Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2025-24813) that was disclosed by Apache Software Foundation. This critical vulnerability, if exploited, could allow a remote attacker to exploit a path equivalence flaw to view file system contents and add malicious content via a write-enabled Default Servlet in Apache Tomcat.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 March 21
Update Date: 2025 March 21
Philips is currently monitoring developments and updates related to a recently released VMware advisory VMSA-2025-0004. The advisory addresses three critical vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) that affect multiple VMware products.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 March 13
Update Date: 2025 March 13
In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential vulnerabilities related to Philips IntelliSpace Cardiovascular (ISCV) versions 4.1 and prior and versions 5.1 and prior.
Under specific conditions, the potential security vulnerabilities identified by an external security researcher and validated by Philips could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records.
Philips recommends the following mitigations:
Philips has reported this vulnerability publicly and to the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which is issuing an advisory.
CISA website: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01
To date, Philips has not received any reports of patient harm, exploitation of these issues or incidents from clinical use that we have been able to associate with these issues.
Publication Date: 2025 February 26
Update Date: 2025 February 26
Philips is aware of security researcher reports that a known hacker group is distributing malware disguised as Philips medical imaging viewer software (also known as DICOM viewer) to unsuspecting users via unauthorized sites and methods, including phishing techniques.
Philips DICOM viewer that is provided by or downloaded from authorized Philips sources – as required – is not affected by this issue and continues to be safe for use. This reported malware campaign does not originate with Philips products or services. Philips DICOM viewer from legitimate sources has not been exploited, and this is not a security vulnerability with the product itself.
Customers with questions about this issue may contact the Philips Product Security team at: productsecurity@philips.com
Publication Date: 2025 February 21
Update Date: 2025 February 25
Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2020-11023) which was first disclosed by jQuery in 2020 and was recently included in CISA’s Known Exploited Vulnerabilities Catalogue.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the jQuery vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.
867113 - Focal Point v2.1 & prior
839001 - Vue PACS 12.2 (see note 2)
866183 - IntelliBridge Enterprise (IBE 2.0, B.09, B.10, B.12) (see note 1)
Vue Patient Center v1.0.25.0 (China Market Only)
866009 - IntelliVue Guardian Software E.00 & E.01
Vue RIS Web v2.1.28.0 (China Market Only)
867173 - VitalSky 2.4.0
For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:
1. Product versions listed above have reached End of Life and End of Support. Philips recommends upgrading to the latest version of IntelliBridge Enterprise (IBE) to mitigate this vulnerability.
2. Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 February 21
Update Date: 2025 February 21
Philips is currently monitoring developments and updates related to multiple critical vulnerabilities discovered within Ivanti Endpoint Manager (EPM): CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. Ivanti has released updates for Ivanti Endpoint Manager (EPM) which address these critical vulnerabilities.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 February 14
Update Date: 2025 February 14
Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2025-23114) disclosed by Veeam, a backup and disaster recovery software company. This critical vulnerability, if exploited, could allow an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on an affected appliance server with root-level permissions.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Publication Date: 2025 January 28 Update Date: 2025 January 29
Philips is currently monitoring developments and updates related to two vulnerabilities (CVE-2024-11477 and CVE-2025-0411) within 7-Zip, a widely used open-source file archiving software. These critical vulnerabilities, if exploited, could allow remote attackers to execute malicious code on a victim’s system.
Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.
Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by 7-Zip’s vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.
866389/867141 – PICix ¹
¹ Information or patch available on InCenter.
Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.
Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.
Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.
Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support. Any media inquiries should be directed to:
Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com