CVE-2025-4386

Medtronic MyCareLink Patient Monitor Hardware Debug Port

CVSS 6.8 MEDIUM | EPSS 0.2% | CWE-1263
In short

The Medtronic MyCareLink Patient Monitor has an exposed serial debug port that can be accessed physically, allowing an attacker to reach a login prompt without authentication. This could enable unauthorized access to sensitive patient monitoring data or device functions.

Technical detail

A UART serial interface on the Medtronic MyCareLink Patient Monitor exposes an unauthenticated login prompt to an attacker with physical access to the device. The vulnerability requires physical proximity but bypasses standard authentication mechanisms, potentially allowing administrative access or configuration changes to a critical medical device.

Summary generated and translated by AI from the official description.
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
