CVE-2025-4393

6.5 MEDIUM

Published: July 24, 2025 Modified: March 27, 2026

Description

Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01

Source: security@medtronic.com

https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html

Source: security@medtronic.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

6.5 / 10.0

EPSS (Exploit Probability)

0.0%

10th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-502

Related CVEs

CVE-2026-5165 6.7

CVE-2026-5164 6.7

CVE-2026-5122 3.7

CVE-2026-33373 N/A

CVE-2026-30566 N/A