Oxford Nanopore 2025: MinKNOW Vulnerabilities Expose Medical Devices to Remote Exploitation
Executive Summary
In October 2025, Oxford Nanopore Technologies disclosed three critical vulnerabilities in its MinKNOW DNA/RNA sequencing devices, impacting versions prior to 24.11. These flaws, which included missing authentication for critical functions, insufficiently protected credentials, and improper checks for exceptional conditions, allowed unauthorized users—both local and remote—to access, manipulate, or halt sequencing operations. Attackers could exploit default remote access settings and insecure credential storage to exfiltrate or alter sensitive data and cause denial of service in key sequencing workflows. The vulnerabilities were responsibly reported by academic researchers, prompting urgent advisories by CISA and the vendor.
This incident underscores increasing risk to healthcare and life sciences infrastructure, with medical device supply chains emerging as a prime target for cyberattackers. As regulatory focus on medical device cybersecurity intensifies globally, organizations must swiftly address legacy systems and implement controls that secure both east-west and egress traffic, limit access, and ensure encrypted credential storage.
Why This Matters Now
With rapidly advancing integration of medical devices into healthcare environments, vulnerabilities in embedded or IoT software pose immediate risks to patient care, data integrity, and operational continuity. This incident highlights the urgency of securing remote access and credential management as attackers seek to exploit weaknesses in critical clinical equipment.
Attack Path Analysis
An attacker gained initial access to the MinKNOW device through exposed remote access with weak authentication, then escalated privileges by stealing insufficiently protected tokens from the file system. The adversary was able to move laterally within the trusted network to other accessible systems, established command and control by maintaining an unauthorized connection to the sequencer, and exfiltrated sequencing data by redirecting output or using developer tokens. Ultimately, the attacker could disrupt or halt sequencing processes, causing denial of service and data integrity losses.
Kill Chain Progression
Initial Compromise
Description
Attacker accessed MinKNOW remote management features by exploiting missing authentication controls and enabled remote access from a local or adjacent network.
Related CVEs
CVE-2024-35585
CVSS 8.6A vulnerability in MinKNOW versions prior to 24.06 allows unauthorized users on the same network to access the sequencer by registering a legitimate or temporary Oxford Nanopore account, potentially disrupting sequencing operations and exfiltrating data.
Affected Products:
Oxford Nanopore Technologies MinKNOW – < 24.06
Exploit Status:
no public exploitCVE-2025-54808
CVSS 7.8MinKNOW versions prior to 24.11 store authentication tokens in a world-readable temporary directory, allowing local users or applications to access the token and potentially establish unauthorized remote connections to the sequencer.
Affected Products:
Oxford Nanopore Technologies MinKNOW – < 24.11
Exploit Status:
no public exploitCVE-2025-10937
CVSS 5.5MinKNOW versions prior to 24.11 create a temporary file for local authentication tokens in a directory accessible to all users, allowing unauthorized local users to place a file lock and cause a denial-of-service condition, blocking sequencing operations.
Affected Products:
Oxford Nanopore Technologies MinKNOW – < 24.11
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Exploit Public-Facing Application
Valid Accounts
Unsecured Credentials: Credentials In Files
Network Sniffing
Data Manipulation: Stored Data Manipulation
Endpoint Denial of Service
Remote Services: Remote Desktop Protocol
Network Service Scanning
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Authentication for All System Components
Control ID: 8.2.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
NIS2 Directive – Access Control and Asset Management
Control ID: Art. 21(2)(d)
CISA Zero Trust Maturity Model 2.0 – Authentication and Authorization
Control ID: Identity Pillar: AuthN and AuthZ
DORA (EU Digital Operational Resilience Act) – ICT Security Requirements
Control ID: Art. 9(2)
HIPAA Security Rule – Access Control
Control ID: 45 CFR §164.312(a)(1)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Health Care / Life Sciences
DNA/RNA sequencing devices face critical authentication bypass and data exfiltration risks, threatening genetic research integrity and HIPAA compliance requirements.
Biotechnology/Greentech
MinKNOW vulnerabilities enable unauthorized access to sequencing operations, potentially compromising proprietary genetic data and disrupting biotechnology research workflows.
Research Industry
Remote exploitation of sequencing equipment allows attackers to manipulate genomic research data, pause critical studies, and redirect sensitive scientific outputs.
Pharmaceuticals
Authentication weaknesses in genetic sequencing infrastructure threaten drug development pipelines and regulatory compliance for pharmaceutical research and development activities.
Sources
- Oxford Nanopore Technologies MinKNOWhttps://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-294-01Verified
- MinKNOW Softwarehttps://nanoporetech.com/software/Verified
- Oxford Nanopore Technologies Contacthttps://nanoporetech.com/about/contactVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Zero Trust network segmentation, real-time traffic inspection, and egress enforcement would have blocked or severely limited unauthorized remote access, credential abuse, internal movement, and data exfiltration impacting clinical operations. CNSF controls, such as microsegmentation and anomaly detection, limit attack paths and enable fast incident response in medical device networks.
Control: Zero Trust Segmentation
Mitigation: Prevents direct access to control-plane interfaces from untrusted sources.
Control: Threat Detection & Anomaly Response
Mitigation: Detects suspicious access to sensitive credentials and rapid privilege changes.
Control: East-West Traffic Security
Mitigation: Stops unauthorized internal traversal between medical and clinical systems.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Enables real-time inline enforcement and detection of suspicious control-plane actions.
Control: Egress Security & Policy Enforcement
Mitigation: Prevents or alerts on unauthorized outbound transfer of sensitive data.
Rapid incident detection and scope limitation reduces operational disruption.
Impact at a Glance
Affected Business Functions
- Sequencing Operations
- Data Analysis
Estimated downtime: 3 days
Estimated loss: $50,000
Potential exposure of sensitive sequencing data, including DNA and RNA sequences, to unauthorized parties.
Recommended Actions
Key Takeaways & Next Steps
- • Enforce zero trust segmentation to strictly limit device access and restrict network exposure for all medical systems.
- • Deploy real-time threat detection and anomaly response for all device management and credential-related activities.
- • Implement strong egress policies to prevent unauthorized data exfiltration and detect malicious outbound traffic.
- • Increase east-west traffic controls and visibility to prevent adversary lateral movement in healthcare environments.
- • Regularly review and update device firmware/software and ensure token storage does not expose sensitive credentials.
