CVE-2025-12995CRITICAL 9.8EPSS p19.6%

CVE-2025-12995CVE-2025-12995

Description

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.28% probability of exploitation · percentile 19.6% · 2026-06-19T12:03:05Z
Published2025-12-04
Last modified2025-12-22

Underlying weaknesses· 1

CWE-307

References

  1. https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html

1

TypeTargetConfidenceTier
WeaknessImproper Restriction of Excessive Authentication Attemptscwe-3070%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-9051
CVE
CVE-2025-48981
CVE
CVE-2025-3090
CVE
CVE-2025-41709
CVE
CVE-2025-46412
CVE
CVE-2025-41652
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.