
6 vulnerabilities found for MyCareLink Patient Monitor 24950 by Medtronic

CVE-2025-4395 (GCVE-0-2025-4395)

Vulnerability from cvelistv5 – Published: 2025-07-24 03:30 – Updated: 2025-07-24 13:18
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access and modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-258 - Empty Password in Configuration File
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:18:46.616820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:18:56.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-258",
              "description": "CWE-258 Empty Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:30:24.185Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4395",
    "datePublished": "2025-07-24T03:30:24.185Z",
    "dateReserved": "2025-05-06T20:01:00.625Z",
    "dateUpdated": "2025-07-24T13:18:56.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4394 (GCVE-0-2025-4394)

Vulnerability from cvelistv5 – Published: 2025-07-24 03:26 – Updated: 2025-07-24 13:19
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:19:43.967176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:19:47.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:26:06.706Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4394",
    "datePublished": "2025-07-24T03:26:06.706Z",
    "dateReserved": "2025-05-06T20:00:59.768Z",
    "dateUpdated": "2025-07-24T13:19:47.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4393 (GCVE-0-2025-4393)

Vulnerability from cvelistv5 – Published: 2025-07-24 03:22 – Updated: 2025-07-24 14:33
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T14:33:13.440835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T14:33:18.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:22:20.208Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4393",
    "datePublished": "2025-07-24T03:22:20.208Z",
    "dateReserved": "2025-05-06T20:00:56.804Z",
    "dateUpdated": "2025-07-24T14:33:18.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4395 (GCVE-0-2025-4395)

Vulnerability from nvd – Published: 2025-07-24 03:30 – Updated: 2025-07-24 13:18
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access and modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-258 - Empty Password in Configuration File
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:18:46.616820Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:18:56.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-258",
              "description": "CWE-258 Empty Password in Configuration File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:30:24.185Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4395",
    "datePublished": "2025-07-24T03:30:24.185Z",
    "dateReserved": "2025-05-06T20:01:00.625Z",
    "dateUpdated": "2025-07-24T13:18:56.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4394 (GCVE-0-2025-4394)

Vulnerability from nvd – Published: 2025-07-24 03:26 – Updated: 2025-07-24 13:19
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T13:19:43.967176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T13:19:47.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:26:06.706Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4394",
    "datePublished": "2025-07-24T03:26:06.706Z",
    "dateReserved": "2025-05-06T20:00:59.768Z",
    "dateUpdated": "2025-07-24T13:19:47.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-4393 (GCVE-0-2025-4393)

Vulnerability from nvd – Published: 2025-07-24 03:22 – Updated: 2025-07-24 14:33
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
Vendor Product Version
Medtronic MyCareLink Patient Monitor 24950 Affected: 0 , < June 25, 2025 (custom)
Credits
Ethan Morchy, with Somerset Recon; Carl Mann, independent researcher

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T14:33:13.440835Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T14:33:18.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24950",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "MyCareLink Patient Monitor 24952",
          "vendor": "Medtronic",
          "versions": [
            {
              "lessThan": "June 25, 2025",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ethan Morchy, with Somerset Recon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Carl Mann, independent researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
            }
          ],
          "value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-24T03:22:20.208Z",
        "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "shortName": "Medtronic"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
    "assignerShortName": "Medtronic",
    "cveId": "CVE-2025-4393",
    "datePublished": "2025-07-24T03:22:20.208Z",
    "dateReserved": "2025-05-06T20:00:56.804Z",
    "dateUpdated": "2025-07-24T14:33:18.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}