CVE-2025-4395

Summary

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality.

This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

Affected Software

VendorProductVersion RangeStatus
MedtronicMyCareLink Patient Monitor 249500 < June 25, 2025affected
MedtronicMyCareLink Patient Monitor 249520 < June 25, 2025affected

Weaknesses

  • CWE-258: CWE-258 Empty Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References