CVE-2025-4393

MEDIUM 6.5

Medtronic MyCareLink Patient Monitor Deserialization Vulnerability

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

6th

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

CWE	CWE-502
Vendor	medtronic
Product	mycarelink patient monitor 24950
Published	Jul 24, 2025
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for medtronic mycarelink patient monitor 24950

Be the first to know when new medium vulnerabilities affecting medtronic mycarelink patient monitor 24950 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Affected Versions

Medtronic / MyCareLink Patient Monitor 24950

0 < June 25, 2025

Medtronic / MyCareLink Patient Monitor 24952

0 < June 25, 2025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

medtronic.com: https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html cisa.gov: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01

Credits

Ethan Morchy, with Somerset Recon Carl Mann, independent researcher