CVE-2025-12997

Low CVSS: 2.2

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.

Vendor

Medtronic

Product

Carelink Network

CWE

CWE-639

Yayın Tarihi

2025-12-04 20:16:17

Güncelleme

2025-12-22 18:09:54

Source Identifier

security@medtronic.com

KEV Date Added

Kategoriler

CWE-639 Carelink Network LOW Medtronic 2025

Referanslar

https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html

Benzer Kayıtlar

Medium

CVE-2025-12994

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an…

High

CVE-2025-12995

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint…

Medium

CVE-2025-12996

Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext…