CVE-2025-4386

MEDIUM 6.8

Medtronic MyCareLink Patient Monitor Hardware Debug Port

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

0th

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.

CWE	CWE-1263
Vendor	medtronic
Product	mycarelink patient monitor 24950
Published	May 7, 2026
Last Updated	May 7, 2026

Stay Ahead of the Next One

Get instant alerts for medtronic mycarelink patient monitor 24950

Be the first to know when new medium vulnerabilities affecting medtronic mycarelink patient monitor 24950 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Medtronic / MyCareLink Patient Monitor 24950

0 < February 25, 2026

Medtronic / MyCareLink Patient Monitor 24952

0 < February 25, 2026

References

NVD ↗ CVE.org ↗ EPSS Data ↗

medtronic.com: https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html cisa.gov: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01

Credits

Ethan Morchy, with Somerset Recon Carl Mann, independent researcher