CVE-2025-4394 | THREATINT

Description

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

PUBLISHED Reserved 2025-05-06 | Published 2025-07-24 | Updated 2026-03-27 | Assigner Medtronic

MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-312 Cleartext Storage of Sensitive Information

Product status

Default status

unaffected

Any version before June 25, 2025

affected

Default status

unaffected

Any version before June 25, 2025

affected

Credits

Ethan Morchy, with Somerset Recon finder

Carl Mann, independent researcher finder

References

www.medtronic.com/...nk-patient-monitor-vulnerabilities.html vendor-advisory

www.cisa.gov/...vents/ics-medical-advisories/icsma-25-205-01 third-party-advisory

cve.org (CVE-2025-4394)

nvd.nist.gov (CVE-2025-4394)

Download JSON

help @ threatint.eu