exploitDog

CVE-2025-12995

Опубликовано: 04 дек. 2025

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

EPSS Низкий

Описание

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

Ссылки

https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:medtronic:carelink_network:*:*:*:*:*:*:*:*

Версия до 2025-12-04 (исключая)

EPSS

Процентиль: 31%

0.00121

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-6jc4-3x8f-xp5r

CVSS3: 8.1

github

2 месяца назад

Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.

EPSS

Процентиль: 31%

0.00121

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-307