CVE 9.8 CRITICAL

CVE-2025-14346_CVE-2025-14346

January 5, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.

AI Analysis

Unauthenticated Bluetooth connection vulnerability allowing movement command manipulation and configuration override

Basic Information

ID CVE-2025-14346

Source icscert

Published Jan 5, 2026 at 15:39

Affected Product

Vendor WHILL

Product Model C2 Electric Wheelchair, Model F Power Chair

Version all

Affected Versions WHILL Model C2 Electric Wheelchair all
WHILL Model F Power Chair all

CWE Classification

CWE-306

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor WHILL

Product Model C2 Electric Wheelchair, Model F Power Chair

Version all

References

www.cisa.gov /news-events/ics-medical-advisories/icsma-25-364-01

{
    "lastseen": "",
    "description": "WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction.",
    "published": "2026-01-05T15:39:19.710Z",
    "modified": "2026-01-05T15:39:19.710Z",
    "type": "cve",
    "title": "CVE-2025-14346",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01",
    "id": "CVE-2025-14346",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "WHILL Model C2 Electric Wheelchair all\nWHILL Model F Power Chair all",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Model C2 Electric Wheelchair, Model F Power Chair",
    "version": "all",
    "vendor": "WHILL",
    "ai_description": "Unauthenticated Bluetooth connection vulnerability allowing movement command manipulation and configuration override",
    "ai_severity": "Critical",
    "ai_vendor": "WHILL",
    "ai_product": "Model C2 Electric Wheelchair, Model F Power Chair",
    "ai_version": "all",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply