CVE-2025-4394
BaseFortify
Publication date: 2025-07-24
Last updated on: 2026-03-27
Assigner: Medtronic
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| medtronic | mycarelink_patient_monitor | 24950 |
| medtronic | mycarelink_patient_monitor | 24952 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Medtronic MyCareLink Patient Monitor involves the use of an unencrypted filesystem on the device's internal storage. This allows an attacker who has physical access to the device to read and modify files stored on it.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker with physical access to the device to access sensitive data and potentially alter it. This could lead to compromised patient information confidentiality, integrity, and availability, which may affect patient safety and privacy.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, restrict physical access to the affected Medtronic MyCareLink Patient Monitor models 24950 and 24952 to prevent unauthorized reading or modification of files on the unencrypted internal storage.