What is CVE-2025-4394?

CVE-2025-4394 is a medium-severity vulnerability in Medtronic Mycarelink Patient Monitor 24950, classified under Cleartext Storage of Sensitive Information. CVSS score: 6.8/10. Published 2025-07-24.

How severe is CVE-2025-4394?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Vulnerability in Medtronic Mycarelink Patient Monitor 24950

CVE-2025-4394

Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before…

EPSS: 0.001 (23.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Medtronic Mycarelink Patient Monitor 24950 — versions 0
Medtronic Mycarelink Patient Monitor 24952 — versions 0

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patien… (vendor-advisory)
www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01 (third-party-advisory)

Frequently asked questions

What is CVE-2025-4394?: CVE-2025-4394 is a medium-severity vulnerability in Medtronic Mycarelink Patient Monitor 24950, classified under Cleartext Storage of Sensitive Information. CVSS score: 6.8/10. Published 2025-07-24.
How severe is CVE-2025-4394?: Medium severity. CVSS v3 base score is 6.8 out of 10.