PT-2025-43541 · Oxford Nanopore Technologies · MinKNOW
Published: 2025-10-23 · Updated: 2025-10-28 · CVE-2025-54808
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Oxford Nanopore Technologies MinKNOW versions prior to 24.11
Description
The MinKNOW software stores authentication tokens in a world-readable file within the system's temporary directory (/tmp) on the host machine. If a token is compromised, and remote access is enabled, unauthorized remote connections to the sequencer can be established. The vulnerability can be chained with remote access capabilities to generate a developer token with an arbitrary expiration date, enabling persistent access and bypassing standard authentication. Remote access must be enabled for remote exploitation to succeed.
Recommendations
Versions prior to 24.11 should be updated.
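The weakness described above, a credential file in a shared temporary directory that other local accounts can read, shown as an added example that is not MinKNOW's code or the vendor's fix. It creates a secret file with owner-only permissions and audits a directory for files that group or other users can read. The file names and the `write_secret`, `exposed_files` and `demo` helpers are hypothetical, and the token value is constructed.

```python
import os
import stat
import tempfile


def write_secret(path: str, secret: bytes) -> None:
    """Create a credential file that only its owner can read or write."""
    # O_EXCL fails if anything (file or symlink) already exists at the path,
    # and the 0600 mode is applied at creation, so the file is never
    # readable by other accounts, not even briefly.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(secret)


def exposed_files(directory: str) -> list[tuple[str, str]]:
    """Return (path, octal mode) for regular files readable by group or others."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            info = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(info.st_mode):
                continue
            if info.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, oct(stat.S_IMODE(info.st_mode))))
    return sorted(findings)


def demo() -> list[tuple[str, str]]:
    """Build a constructed directory with one weak and one hardened file."""
    with tempfile.TemporaryDirectory() as workdir:
        weak = os.path.join(workdir, "token-weak.json")  # hypothetical name
        with open(weak, "w") as handle:
            handle.write('{"token": "constructed-sample"}')
        os.chmod(weak, 0o644)  # world-readable, the pattern the advisory describes
        write_secret(os.path.join(workdir, "token-ok.json"),
                     b'{"token": "constructed-sample"}')
        return [(os.path.basename(p), mode) for p, mode in exposed_files(workdir)]


if __name__ == "__main__":
    for name, mode in demo():
        print(f"readable by other local accounts: {name} ({mode})")
```

Only the file created with mode 0644 is reported; the one written through `write_secret` is not.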
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
MinKNOW