Local Information Disclosure Vulnerability in Medtronic CareLink Network
CVE-2025-12996

4.1MEDIUM

Key Information:

Vendor

Medtronic

Status
Carelink Network
Vendor
CVE Published:
4 December 2025

What is CVE-2025-12996?

A local information disclosure vulnerability exists in the Medtronic CareLink Network, allowing an attacker with access to log files on an internal API server to retrieve plaintext passwords from logged errors. This could lead to unauthorized access and compromise sensitive user data. It is essential for users to implement adequate security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

CareLink Network 0

References

https://www.medtronic.com/en-us/e/product-security/securi...
vendor-advisory

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-12996 : Local Information Disclosure Vulnerability in Medtronic CareLink Network