CVE-2025-14346CRITICAL 9.8EPSS p91.8%

CVE-2025-14346CVE-2025-14346

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS5.49% probability of exploitation · percentile 91.8% · 2026-06-18T12:00:27Z
Published2026-01-05
Last modified2026-04-15

Underlying weaknesses· 1

CWE-306

References

  1. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-24790
CVE
CVE-2026-0097
CVE
CVE-2026-25945
CVE
CVE-2025-41682
CVE
CVE-2025-10457
CVE
CVE-2025-41652
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.