CVE-2025-4394

MEDIUM 6.8

Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

3th

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

CWE	CWE-312
Vendor	medtronic
Product	mycarelink patient monitor 24950
Published	Jul 24, 2025
Last Updated	Mar 27, 2026

Stay Ahead of the Next One

Get instant alerts for medtronic mycarelink patient monitor 24950

Be the first to know when new medium vulnerabilities affecting medtronic mycarelink patient monitor 24950 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Medtronic / MyCareLink Patient Monitor 24950

0 < June 25, 2025

Medtronic / MyCareLink Patient Monitor 24952

0 < June 25, 2025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

medtronic.com: https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html cisa.gov: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01

Credits

Ethan Morchy, with Somerset Recon Carl Mann, independent researcher