Medtronic Carelink Network vulnerabilities
4 known vulnerabilities affecting medtronic/carelink_network.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 1 | MEDIUM: 2 | LOW: 1
Vulnerabilities
CVE-2025-12995 | P2 | CRITICAL | CVSS 9.8 | CWE-307 | fixed in 2025-12-04 (December 4, 2025)
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
nvd
CVE-2025-12994 | P3 | MEDIUM | CVSS 5.3 | CWE-204 | fixed in 2025-12-04 (December 4, 2025)
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
nvd
CVE-2025-12996 | P4 | MEDIUM | CVSS 4.1 | CWE-532 | fixed in 2025-12-04 (December 4, 2025)
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
nvd
CVE-2025-12997 | P4 | LOW | CVSS 3.1 | CWE-639 | fixed in 2025-12-04 (December 4, 2025)
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
nvd