CVE-2025-4386 PUBLISHED

Medtronic MyCareLink Patient Monitor Hardware Debug Port

Assigner: Medtronic
Reserved: 06.05.2025 Published: 07.05.2026 Updated: 07.05.2026

Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 6.8

Attack Vector	Physical	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Medtronic
Product	MyCareLink Patient Monitor 24950
Versions	Default: unaffected affected from 0 to February 25, 2026 (excl.)

Vendor	Medtronic
Product	MyCareLink Patient Monitor 24952
Versions	Default: unaffected affected from 0 to February 25, 2026 (excl.)

Credits

Ethan Morchy, with Somerset Recon finder
Carl Mann, independent researcher finder

References

Problem Types

CWE-1263: Improper Physical Access Control CWE

Impacts

CAPEC-401 Physically Hacking Hardware