CVE-2025-4394 MEDIUM

CVE-2025-4394: Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability

Vendor Medtronic
Product MyCareLink Patient Monitor 24950
Weakness CWE-312 · Cleartext storage
Published July 24, 2025
Last update March 27, 2026

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

Key dates

02Disclosure timeline

July 24, 2025 CVE published
March 27, 2026 Record updated