CVE-2025-14346NVD

Vulnerability Summary

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

Severity Level

CRITICAL(9.3)

Published Date

Jan 5, 2026

Last Modified

Jan 8, 2026

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-306: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

External References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-14346NVD

Vulnerability Summary

External References