Ghostwire

CVE-2025-4397: Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker...

MEDIUM CVSS 6.8

Published: May 7, 2026 | Last Modified: May 7, 2026

Description

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01
www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01
www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-8-7-18.
www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient