CVE-2026-33875

Gematik · Authenticator

Gematik Authenticator is vulnerable to authentication flow hijacking via malicious deep links, allowing attackers to impersonate victim users.

Executive summary

Gematik Authenticator users are at risk of identity theft and session hijacking if they click on malicious deep links, potentially compromising sensitive health data.

Vulnerability

The application is vulnerable to authentication flow hijacking. An unauthenticated attacker can craft a malicious deep link that, when clicked by a victim, redirects the authentication process to the attacker, allowing them to log in using the victim's identity.

Business impact

This vulnerability directly threatens the confidentiality of digital health records. A successful attack allows unauthorized access to sensitive medical information and identity impersonation within the German health infrastructure. The CVSS score of 9.3 reflects the critical impact on user privacy and the high potential for targeted phishing attacks.

Remediation

Immediate Action: Update Gematik Authenticator to version 4.16.0 or later without delay.

Proactive Monitoring: Organizations should educate users on the risks of clicking unsolicited links, even those that appear to open legitimate local applications.

Compensating Controls: There are no known technical workarounds for this vulnerability; the software update is the only effective mitigation.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The update to version 4.16.0 is mandatory for all users of the Gematik Authenticator. Given the sensitive nature of the data protected by this application, administrators should verify that all managed devices have been updated to the patched version to prevent identity hijacking.