High Severity Vulnerabilities Identified in Philips IntelliSpace Cardiovascular (ISCV)
Two high-severity vulnerabilities have been identified in Philips IntelliSpace Cardiovascular (ISCV), a popular multi-modality image and information management solution for healthcare providers. The vulnerabilities are present in ISCV version 4.1 and prior versions and ISCV version 5.1 and prior versions. The vulnerabilities are due to improper authentication and the use of weak credentials. Both vulnerabilities have been assigned a CVSS v3.1 severity score of 7.7 and a CVSS v4 severity score of 8.5. An attacker can exploit the vulnerabilities to replay the session of a logged-in user and gain access to patient records.
Vulnerability CVE-2025-2230 is due to improper authentication. The Windows login flow contains a flaw where an AuthContext token can be exploited for replay attacks and authentication bypass. Vulnerability CVE-2025-2229 is due to weak credentials, where a token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
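The two weaknesses described above (a token that can be replayed, and a token derived from predictable inputs with a key shared by every installation) are addressed by the same design properties: a per-installation secret, an expiry, and a single-use nonce. The following is an added example, not Philips code and not a description of how ISCV was fixed; the `TokenService` class, its token layout, and the 300-second lifetime are assumptions chosen for illustration of a one-time login handoff token.

```python
import hashlib
import hmac
import secrets
import time


class TokenService:
    """Hypothetical one-time login token issuer/validator (not ISCV code)."""

    def __init__(self, ttl_seconds=300):
        # Key is generated per installation, never shipped as a shared constant.
        self._key = secrets.token_bytes(32)
        self._ttl = ttl_seconds
        self._seen = {}  # nonce -> expiry, used to detect replays

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, username, now=None):
        if "|" in username:
            raise ValueError("username must not contain the field separator")
        now = int(time.time() if now is None else now)
        # Random nonce: the token is not derivable from username and clock.
        payload = f"{username}|{now + self._ttl}|{secrets.token_hex(16)}"
        return f"{payload}|{self._mac(payload)}"

    def validate(self, token, now=None):
        """Return the username, or None if forged, expired or replayed."""
        now = int(time.time() if now is None else now)
        try:
            payload, mac = token.rsplit("|", 1)
            username, expiry, nonce = payload.split("|")
            expiry = int(expiry)
        except ValueError:
            return None  # malformed token
        # Constant-time comparison of the integrity tag.
        if not hmac.compare_digest(mac.encode(), self._mac(payload).encode()):
            return None
        if now >= expiry:
            return None
        # Forget nonces whose tokens have expired anyway, then check for reuse.
        self._seen = {n: e for n, e in self._seen.items() if e > now}
        if nonce in self._seen:
            return None  # second presentation of the same token
        self._seen[nonce] = expiry
        return username
```

A token captured from one login is rejected on its second presentation, and a token minted by a different installation fails the integrity check because the keys differ.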
The vulnerabilities have been resolved in previous releases of ISCV; however, healthcare providers will be vulnerable if they are running older versions of the software. CVE-2025-2230 was resolved in the May 2019 release, ISCV 4.2 build 20589, and CVE-2025-2229 was resolved in the September 2020 release, ISCV 5.2. Philips recommends updating the ISCV installed base to the latest version, which is currently 830089 – IntelliSpace Cardiovascular 8.0.0.0. Users should check the product to identify the installed version and contact a Philips sales representative to learn how to initiate the upgrade process.
In addition to updating to the current version, users should ensure that the solution is not accessible from the Internet, is located behind a firewall, and is isolated from business networks. If remote access is required, a secure method of access should be used, such as a virtual private network (VPN).


