CVE-2025-4393

Summary

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.

This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

Affected Software

VendorProductVersion RangeStatus
MedtronicMyCareLink Patient Monitor 249500 < June 25, 2025affected
MedtronicMyCareLink Patient Monitor 249520 < June 25, 2025affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References