CVE-2025-12995

High CVSS: 8.1

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

Vendor

Medtronic

Product

Carelink Network

CWE

CWE-307

Yayın Tarihi

2025-12-04 20:16:17

Güncelleme

2025-12-22 18:09:59

Source Identifier

security@medtronic.com

KEV Date Added

Kategoriler

CWE-307 Carelink Network HIGH Medtronic 2025

Referanslar

https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html

Benzer Kayıtlar

Medium

CVE-2025-12994

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an…

Medium

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext…

Low

CVE-2025-12997

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with…