exploitDog

CVE-2025-12994

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.

Ссылки

https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:medtronic:carelink_network:*:*:*:*:*:*:*:*

Версия до 2025-12-04 (исключая)

EPSS

Процентиль: 15%

0.00048

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-204

Связанные уязвимости

GHSA-8w88-46cp-7c4j

CVSS3: 5.3

github

2 месяца назад

Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.

EPSS

Процентиль: 15%

0.00048

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-204