CVE-2025-12995
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: Medtronic
Description
Description
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| medtronic | carelink_network | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint. This attack could enable the attacker to determine a valid password under certain circumstances.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access by allowing attackers to discover valid passwords through brute force attacks. This could compromise the confidentiality, integrity, and availability of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70