PT-2025-49041 · Thermo Fisher · Ion Torrent Onetouch 2 Ins1005527

Published: 2025-12-04 · Updated: 2025-12-16 · CVE-2025-54304

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Thermo Fisher Ion Torrent OneTouch 2 INS1005527 (affected versions not specified)

Description: An issue exists on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices where an X11 display server starts when the device is powered on. This server listens on all network interfaces via port 6000. The default X11 access control list allows connections from 127.0.0.1 and 192.168.2.15. If the device connects to a network using DHCP and does not receive the 192.168.2.15 IP address, the X11 display server becomes accessible from other devices on the network. This allows an attacker to gain root privileges and remotely execute code by interacting with matchbox-desktop and spawning a terminal.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Information Disclosure

Related Identifiers: CVE-2025-54304

Affected Products: Ion Torrent Onetouch 2 Ins1005527