CVE-2025-12996
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: Medtronic
Description
Description
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| medtronic | carelink_network | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Medtronic CareLink Network allows a local attacker who has access to log files on an internal API server to view plaintext passwords. These passwords are exposed because they are logged in error messages under certain circumstances.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker with local access to the internal API server logs to obtain plaintext passwords, potentially leading to unauthorized access to sensitive systems or data within the CareLink Network environment.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70