
CVE-2025-12699: CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory in ZOLL ZOLL ePCR IOS Mobile Application

Severity: Medium
Type: Vulnerability
Tags: CVE-2025-12699, cve, cve-2025-12699, cwe-538
Published: Tue Feb 10 2026 (02/10/2026, 20:38:37 UTC)
Source: CVE Database V5
Vendor/Project: ZOLL
Product: ZOLL ePCR IOS Mobile Application

Description

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.

AI-Powered Analysis

Last updated: 02/18/2026, 09:47:19 UTC

Technical Analysis

CVE-2025-12699 is a vulnerability identified in the ZOLL ePCR iOS mobile application version 2.6.7, categorized under CWE-538, which involves the insertion of sensitive information into an externally accessible file or directory. The core issue arises from the application reflecting unsanitized user input into a WebView component. Specifically, attacker-controlled strings placed into patient care report (PCR) fields such as run number, incident, call sign, and notes are interpreted as HTML and JavaScript when the app renders or prints this content. This improper input sanitization allows an attacker to inject scripts that can execute within the app’s WebView context.

The proof of concept demonstrates that injected scripts can read local files accessible to the app, which contain sensitive device and user data, including protected health information (PHI) and device telemetry. This local file read capability could lead to unauthorized disclosure of sensitive medical data.

The vulnerability does not require any privileges (PR:N) but does require user interaction (UI:A) to trigger the malicious content rendering. The attack vector is local (AV:L), meaning the attacker must have local access to the device or the ability to influence the input fields. The vulnerability has a CVSS 4.0 score of 6.7, indicating a medium severity level. No patches are currently linked, and no known exploits are reported in the wild. The vulnerability’s impact is primarily on confidentiality, with no direct impact on integrity or availability. The issue highlights the risks of embedding unsanitized user input in WebView components within mobile healthcare applications, which can lead to data leakage and privacy violations.

Potential Impact

For European organizations, particularly healthcare providers using the ZOLL ePCR iOS application, this vulnerability poses a significant risk to the confidentiality of sensitive patient data. Exposure of protected health information (PHI) can lead to severe regulatory consequences under GDPR, including fines and reputational damage. The leakage of device telemetry could also provide attackers with insights into device configurations and usage patterns, potentially facilitating further attacks. Since the vulnerability requires local access and user interaction, the risk is somewhat mitigated but remains substantial in environments where devices are shared, lost, or accessed by unauthorized personnel. The impact extends to patient trust and compliance with healthcare data protection standards. Additionally, healthcare organizations could face operational disruptions if they must take affected devices offline to remediate the issue. Overall, the vulnerability threatens data confidentiality and privacy, which are critical in the healthcare sector.

Mitigation Recommendations

European healthcare organizations should prioritize the following mitigations:

1) Monitor for and apply any official patches or updates released by ZOLL promptly once available.
2) Implement strict input validation and sanitization controls on all PCR fields to prevent injection of malicious scripts.
3) Disable or sandbox WebView components to restrict execution of untrusted content, limiting their ability to access local files.
4) Enforce device-level security controls such as strong authentication, device encryption, and mobile device management (MDM) policies to reduce risk of unauthorized local access.
5) Educate users on the risks of interacting with untrusted or suspicious PCR data entries and encourage reporting of anomalous app behavior.
6) Conduct regular audits of application logs and device telemetry to detect potential exploitation attempts.
7) Consider network segmentation and limiting the use of the vulnerable app to trusted environments to reduce exposure.

These measures go beyond generic advice by focusing on application-specific controls and operational security practices tailored to the healthcare context.
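As an added example (not ZOLL's code and not part of the CVE record), mitigations 2 and 3 can be sketched in Swift, assuming the report is built as an HTML string and shown or printed through a WKWebView. The helper names `htmlEscape`, `renderPCRHTML` and `makeReportWebView` and the field values are hypothetical and constructed for illustration.

```swift
import Foundation
import WebKit

// Hypothetical helper: encode one PCR field for HTML element or quoted-attribute context.
func htmlEscape(_ text: String) -> String {
    var out = ""
    for ch in text {
        switch ch {
        case "&": out += "&amp;"
        case "<": out += "&lt;"
        case ">": out += "&gt;"
        case "\"": out += "&quot;"
        case "'": out += "&#39;"
        default: out.append(ch)
        }
    }
    return out
}

// Hypothetical template builder: fields are encoded at output; the CSP is a second layer.
func renderPCRHTML(_ fields: [(label: String, value: String)]) -> String {
    let rows = fields
        .map { "<tr><th>\(htmlEscape($0.label))</th><td>\(htmlEscape($0.value))</td></tr>" }
        .joined(separator: "\n")
    let csp = "default-src 'none'; style-src 'unsafe-inline'"
    return """
    <!doctype html>
    <html><head><meta charset="utf-8">
    <meta http-equiv="Content-Security-Policy" content="\(csp)">
    </head><body><table>
    \(rows)
    </table></body></html>
    """
}

// Assumption: the report view is a WKWebView. Content JavaScript is switched off (iOS 14+).
func makeReportWebView() -> WKWebView {
    let config = WKWebViewConfiguration()
    config.defaultWebpagePreferences.allowsContentJavaScript = false
    return WKWebView(frame: .zero, configuration: config)
}

// Constructed sample values; the call sign carries markup that must render as literal text.
let html = renderPCRHTML([
    (label: "Run number", value: "2026-000123"),
    (label: "Call sign", value: "<b>Medic 7</b><script>/* constructed */</script>"),
])
// baseURL nil: the page is not given a file:// origin, so it has no base for local-file requests.
makeReportWebView().loadHTMLString(html, baseURL: nil)
```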


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-11-04T15:39:58.840Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 698b9ca04b57a58fa12a793d

Added to database: 2/10/2026, 9:01:20 PM

Last enriched: 2/18/2026, 9:47:19 AM

Last updated: 2/21/2026, 12:21:37 AM
