CVE-2025-10937

Name of the Vulnerable Software and Affected Versions Oxford Nanopore Technologies MinKNOW versions prior to 24.11

Description The MinKNOW software creates a temporary file to store the local authentication token during startup, before moving it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorized local user or process can exploit this by placing a file lock on the temporary token file using the flock system call. This prevents MinKNOW from completing the token generation process, resulting in no valid local token being created. Consequently, the software cannot execute commands on the sequencer, leading to a denial-of-service (DoS) condition that blocks sequencing operations.

Recommendations Update MinKNOW to version 24.11 or later.