CVE-2025-12997
published 2025-12-04

Priority: P4 (14), low
CVSS 3.1: 3.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.15% (5.0th percentile)

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
medtronic | carelink_network | < December 4, 2025 | December 4, 2025
medtronic | carelink_network | < 2025-12-04 | 2025-12-04