CVE-2025-4386 | THREATINT

Description

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.

PUBLISHED Reserved 2025-05-06 | Published 2026-05-07 | Updated 2026-05-07 | Assigner Medtronic

MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-1263: Improper Physical Access Control

Product status

Default status

unaffected

Any version before February 25, 2026

affected

Default status

unaffected

Any version before February 25, 2026

affected

Credits

Ethan Morchy, with Somerset Recon finder

Carl Mann, independent researcher finder

References

www.medtronic.com/...nk-patient-monitor-vulnerabilities.html vendor-advisory

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-205-01 third-party-advisory

cve.org (CVE-2025-4386)

nvd.nist.gov (CVE-2025-4386)

Download JSON

help @ threatint.eu