CVE-2025-12994

Description

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.

PUBLISHED Reserved 2025-11-11 | Published 2025-12-04 | Updated 2025-12-04 | Assigner Medtronic

Problem types

CWE-204 Observable Response Discrepancy

Product status

Credits

Bernhard Lorenz finder

References

www.medtronic.com/...s/carelink-network-vulnerabilities.html vendor-advisory

cve.org (CVE-2025-12994)

nvd.nist.gov (CVE-2025-12994)