How to fix CVE-2025-54304?

Within 24 hours: Identify and inventory all Ion Torrent OneTouch 2 INS1005527 devices in your environment and isolate them from untrusted networks. Within 7 days: Implement network segmentation to restrict access to these devices to authorized personnel only, disable network access if operationally feasible, and document all devices still in use. Within 30 days: Evaluate migration to supported alternatives, establish end-of-life timelines for affected devices, and implement continuous network monitoring for suspicious X11 access attempts.

Is Ion Torrent Onetouch 2 Firmware affected by CVE-2025-54304?

Thermo Fisher Ion Torrent OneTouch 2 devices contain a critical remote code execution vulnerability affecting unsupported legacy equipment.

CVE-2025-54304

EUVD-2025-201179 CRITICAL

2025-12-04 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201179

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

CVE Published

Dec 04, 2025 - 15:15 nvd

CRITICAL 9.8

Description

An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from 127.0.0.1 and 192.168.2.15. If a device is powered on and later connected to a network with DHCP, the device may not be assigned the 192.168.2.15 IP address, leaving the display server accessible by other devices on the network. The exposed X11 display server can then be used to gain root privileges and the ability to execute code remotely by interacting with matchbox-desktop and spawning a terminal. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Analysis

Technical Context

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Information Exposure (CWE-200).

Affected Products

Affected products: Thermofisher Ion Torrent Onetouch 2 Firmware -

Remediation

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +49

POC: 0

CVE-2025-54304 vulnerability details – vuln.today

Back

CVE-2025-54304

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-54304

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code