Main Vulnerability Database Vulnerabilities #VU113207

#VU113207 Cleartext storage of sensitive information in MyCareLink Patient Monitor model 24950 and MyCareLink Patient Monitor model 24952 - CVE-2025-4394

Published: July 25, 2025

Vulnerability identifier: #VU113207

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-4394

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
MyCareLink Patient Monitor model 24950
MyCareLink Patient Monitor model 24952

Software vendor:
Medtronic

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to cleartext storage of sensitive information. An attacker with physical access can read and modify files on the system.

Install updates from vendor's website.