CVE-2025-14346 Overview
WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within Bluetooth range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user interaction. This vulnerability represents a serious safety concern for users of these mobility devices, as unauthorized control could lead to physical harm.
Critical Impact
Attackers within Bluetooth range can take complete control of affected wheelchairs, potentially causing physical harm to users through unauthorized movement commands and speed manipulation.
Affected Products
- WHILL Model C2 Electric Wheelchairs
- WHILL Model F Power Chairs
Discovery Timeline
- 2026-01-05 - CVE-2025-14346 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-14346
Vulnerability Analysis
This vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), which occurs when a system fails to perform authentication for functionality that requires a provable user identity or consumes significant resources. In this case, the WHILL mobility devices accept Bluetooth connections and commands without requiring any form of authentication or pairing authorization.
The affected wheelchairs expose critical mobility control functions over Bluetooth without implementing proper access controls. This design flaw allows any device within Bluetooth range to establish a connection and send commands to the wheelchair's control system. The lack of authentication means there is no mechanism to verify that commands are coming from an authorized source, such as the legitimate user's smartphone application.
Root Cause
The root cause is a fundamental design flaw in how the devices implement Bluetooth communication. They do not apply any authentication mechanism to incoming Bluetooth connections and treat every connection request as trusted by default. This Missing Authentication for Critical Function (CWE-306) lets unauthenticated actors reach the functionality that controls the physical movement of the wheelchair.
Attack Vector
An attacker positioned within Bluetooth range (typically up to 10 meters, potentially extended with directional antennas) can discover the vulnerable wheelchair device, establish an unauthenticated Bluetooth connection, and begin sending control commands. The attack requires no user interaction on the target device and can be performed without any credentials.
The attacker can then:
- Issue movement commands to control the wheelchair's direction and movement
- Override safety speed restrictions configured for the user
- Modify device configuration profiles
- Potentially disable the legitimate user's control
For detailed technical information about this vulnerability, refer to the CISA Medical Advisory ICSMA-25-364-01.
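The following is an added illustration of the CWE-306 pattern described above, not WHILL's own code: a Bluetooth command handler that trusts any connected peer, beside a hardened handler that gates the movement, speed-limit and profile commands on an authenticated session. The BleSession fields, command names and speed bound are assumptions made for the example.

```python
"""Model of CWE-306 as described for CVE-2025-14346: a BLE command handler
that gates safety-critical wheelchair functions on an authenticated session.
Added illustration, not WHILL firmware; all names and values are hypothetical."""
from dataclasses import dataclass, field

# Functions that can physically endanger the user if driven by a stranger.
CRITICAL_COMMANDS = {"move", "set_speed_limit", "set_profile"}


@dataclass
class BleSession:
    """State of one Bluetooth connection as the peripheral sees it."""
    peer_addr: str
    bonded: bool = False             # long-term keys stored for this peer
    mitm_protected: bool = False     # pairing used passkey / numeric comparison
    app_authenticated: bool = False  # app-layer proof (e.g. token) from the user's app
    log: list = field(default_factory=list)


def vulnerable_handle(session: BleSession, cmd: str, arg) -> str:
    """Vulnerable pattern: every connected peer is trusted, so any caller
    within radio range can move the chair or lift the speed limit."""
    return execute(session, cmd, arg)


def hardened_handle(session: BleSession, cmd: str, arg) -> str:
    """Hardened pattern: critical functions require a bonded, MITM-protected
    link plus application-layer authentication. A 'Just Works' bond alone is
    not authentication, so bonded without mitm_protected is still rejected.
    Rejections are logged so the user or caregiver can review them."""
    if cmd in CRITICAL_COMMANDS and not (
        session.bonded and session.mitm_protected and session.app_authenticated
    ):
        session.log.append(f"REJECTED {cmd} from {session.peer_addr}: unauthenticated")
        return "rejected: authentication required"
    return execute(session, cmd, arg)


def execute(session: BleSession, cmd: str, arg) -> str:
    """Stand-in for the motor/config layer; only records what would happen."""
    if cmd == "battery":               # read-only, non-critical: allowed either way
        return "battery 80%"
    if cmd == "move":
        return f"moving {arg}"
    if cmd == "set_speed_limit":
        if not 0 < arg <= 6:           # assumed safety bound in km/h
            return "rejected: speed out of range"
        return f"speed limit {arg} km/h"
    if cmd == "set_profile":
        return f"profile {arg} loaded"
    return "rejected: unknown command"
```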
Detection Methods for CVE-2025-14346
Indicators of Compromise
- Unexpected or unauthorized Bluetooth connections to the wheelchair device
- Unexplained movement or behavior of the wheelchair not initiated by the user
- Changes to speed settings or configuration profiles that were not made by the user
- Multiple or unknown devices appearing in the wheelchair's Bluetooth pairing history
Detection Strategies
- Monitor for unusual Bluetooth scanning activity in areas where vulnerable devices are used
- Deploy Bluetooth monitoring to detect rogue devices attempting to connect to the wheelchair
- Review wheelchair device logs (if available) for unauthorized connection attempts
- Train users to recognize signs of unauthorized device control
Monitoring Recommendations
- Regularly audit Bluetooth paired devices and remove any unrecognized entries
- Consider using Bluetooth signal detection tools to identify unauthorized devices in proximity
- Document normal operational patterns to identify anomalous behavior
- Establish procedures for users to report unexpected device behavior immediately
How to Mitigate CVE-2025-14346
Immediate Actions Required
- Contact WHILL for official guidance on firmware updates or patches that address this vulnerability
- Disable Bluetooth functionality on affected devices when not actively required
- Limit use of affected devices in public or unsecured areas where attackers could be within range
- Monitor devices closely for any signs of unauthorized access or control
- Consider physical supervision when using the device in high-risk environments
Patch Information
Users should consult the CISA Medical Advisory ICSMA-25-364-01 for the latest mitigation guidance and contact WHILL directly for information about firmware updates that address this vulnerability.
Workarounds
- Disable Bluetooth on the wheelchair when not in active use with an authorized application
- Use the wheelchair only in controlled environments where unauthorized Bluetooth access is unlikely
- Maintain physical awareness of surroundings to identify potential attackers with mobile devices in close proximity
- If possible, configure the device to require manual confirmation for new Bluetooth connections
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.