CVE-2025-54304
Published: 04 December 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-54304 is a high-severity vulnerability (CVSS 3.1 score of 9.8) affecting Thermo Fisher Ion Torrent OneTouch 2 devices with part number INS1005527. The issue stems from an X11 display server that starts automatically when the device is powered on, listening on all network interfaces over TCP port 6000. By default, the X11 access control list permits connections only from 127.0.0.1 and 192.168.2.15. However, if the device is later connected to a network using DHCP and assigned a different IP address, the display server becomes accessible to other devices on the network, exposing sensitive information (CWE-200).
Any unauthenticated attacker with network access to the device can exploit this vulnerability with low complexity, requiring no privileges or user interaction. By connecting to the exposed X11 server on port 6000, an attacker can interact with the matchbox-desktop environment to spawn a terminal, achieving remote code execution with root privileges. This grants high confidentiality, integrity, and availability impacts, potentially allowing full device compromise.
No patches or mitigations are available, as the vulnerability affects products no longer supported by the maintainer. References point to Thermo Fisher user guides and product documentation, which describe system setup but do not address this issue or provide remediation steps. Security practitioners should isolate these legacy devices on segmented networks or air-gapped environments to prevent exposure.
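Two defender-side checks for the condition described above, added here as an example (this is not code from the advisory, from Thermo Fisher, or from the device): one flags DHCP drift away from the address the X11 access list was written for, the other flags TCP connections to port 6000 from sources not on that list. It assumes the default ACL named in the summary (127.0.0.1 and 192.168.2.15), that the device was provisioned with 192.168.2.15 itself, and that the ACL is read from `xhost` output; the `xhost` text, interface addresses and flow-log lines are all constructed samples.

```python
"""Defensive checks for the exposed-X11 condition in CVE-2025-54304.
Added example, not code from the advisory or the vendor. Assumes the
default ACL named in the advisory (127.0.0.1 and 192.168.2.15) and that
the device was provisioned with 192.168.2.15; all inputs are constructed."""
import ipaddress
import re
from dataclasses import dataclass

X11_PORT = 6000
# ACL as stated in the advisory: loopback plus one fixed address.
DEFAULT_X11_ACL = frozenset({"127.0.0.1", "192.168.2.15"})
# Assumption: the static address the device ships with. Drift away from it
# (a DHCP lease on a site network) is the condition the advisory describes.
PROVISIONED_IP = "192.168.2.15"


def parse_xhost(output: str) -> set[str]:
    """Collect INET:<ip> entries from `xhost` output. Hostname entries are
    skipped because this check runs offline and must not resolve names."""
    acl = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("INET:"):
            continue
        entry = line[len("INET:"):].split()[0]
        try:
            acl.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            pass
    return acl


def dhcp_drift(current_addrs, provisioned_ip: str = PROVISIONED_IP) -> bool:
    """True when the device holds a non-loopback address other than the one
    the X11 ACL was written for."""
    non_loopback = {a for a in current_addrs
                    if not ipaddress.ip_address(a).is_loopback}
    return bool(non_loopback) and non_loopback != {provisioned_ip}


@dataclass(frozen=True)
class Flow:
    ts: str
    proto: str
    src: str
    dst: str
    dport: int


# Constructed flow-log format: "<ts> <proto> <src>:<sport> -> <dst>:<dport> [flags]"
FLOW_RE = re.compile(r"^(\S+)\s+(tcp|udp)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")


def parse_flows(log: str) -> list[Flow]:
    flows = []
    for line in log.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            ts, proto, src, _sport, dst, dport = m.groups()
            flows.append(Flow(ts, proto, src, dst, int(dport)))
    return flows


def suspicious_x11_flows(flows, device_ip: str, acl=DEFAULT_X11_ACL) -> list[Flow]:
    """TCP connections to the device's display port from a source the ACL
    does not list. On a properly segmented network this stays empty."""
    return [f for f in flows
            if f.proto == "tcp" and f.dst == device_ip
            and f.dport == X11_PORT and f.src not in acl]


# --- constructed samples ---------------------------------------------------
SAMPLE_XHOST = """access control enabled, only authorized clients can connect
INET:192.168.2.15
INET:127.0.0.1
"""
SAMPLE_ADDRS = ["127.0.0.1", "10.20.30.41"]  # lease from a site DHCP server
SAMPLE_LOG = """2025-12-04T10:00:01Z tcp 10.20.30.99:51522 -> 10.20.30.41:6000 SYN
2025-12-04T10:00:02Z tcp 192.168.2.15:40001 -> 10.20.30.41:6000 SYN
2025-12-04T10:00:03Z tcp 10.20.30.99:51530 -> 10.20.30.41:22 SYN
2025-12-04T10:00:04Z udp 10.20.30.99:5353 -> 10.20.30.41:6000
2025-12-04T10:00:05Z tcp 10.20.30.77:33000 -> 10.20.30.41:6000 SYN
"""


def assess(xhost_out=SAMPLE_XHOST, addrs=SAMPLE_ADDRS, log=SAMPLE_LOG):
    """Run both checks against the supplied (here: constructed) inputs."""
    acl = parse_xhost(xhost_out)
    device_ip = next(a for a in addrs if not ipaddress.ip_address(a).is_loopback)
    hits = suspicious_x11_flows(parse_flows(log), device_ip, acl)
    return {"acl": acl, "drift": dhcp_drift(addrs), "hits": hits}


if __name__ == "__main__":
    result = assess()
    print("X11 ACL:", sorted(result["acl"]))
    print("DHCP drift from provisioned address:", result["drift"])
    for f in result["hits"]:
        print(f"ALERT {f.ts} {f.src} -> {f.dst}:{f.dport} not on X11 ACL")
```

With the constructed samples the drift check fires (the device holds 10.20.30.41 rather than 192.168.2.15) and two of the five flows are flagged: the TCP connections to port 6000 from 10.20.30.99 and 10.20.30.77. The allowed peer, the SSH connection and the UDP record are ignored. Feeding the same functions real `xhost` output and flow records from a network tap gives a practical way to confirm the segmentation the summary recommends is actually holding.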
Details
CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
Affected Products: Thermo Fisher Ion Torrent OneTouch 2 (part number INS1005527)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes an unauthenticated X11 display server on TCP port 6000 accessible over the network, enabling attackers to interact with the matchbox-desktop environment and spawn a root terminal for remote code execution, directly mapping to Exploitation of Remote Services (T1210).