Medtronic Micro Clinician & InterStim X Clinician App Password Reset Issue
CVE-2023-25931

6.4MEDIUM

Key Information:

Vendor: Medtronic
Status: Insterstim Applications
Vendor: CVE Published:; 1 March 2023

Badges

👾 Exploit Exists

What is CVE-2023-25931?

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.

Affected Version(s)

InsterStim Applications Micro Clinician

InsterStim Applications InterStim X Clinician

References

https://global.medtronic.com/xg-en/product-security/secur...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 7, 2025
Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Feb 16, 2023

CVE-2023-25931 Data

JSON