CVE-2025-4395 MEDIUM

CVE-2025-4395: Medtronic MyCareLink Patient Monitor Empty Password Vulnerability

Vendor Medtronic
Product MyCareLink Patient Monitor 24950
Weakness CWE-258
Published July 24, 2025
Last update March 27, 2026

CVSS base score

6.8/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

Key dates

02Disclosure timeline

July 24, 2025 CVE published
March 27, 2026 Record updated