CVE-2025-12995
HIGHDescription
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Is your site exposed to CVE-2025-12995?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| medtronic | carelink_network |
References
Frequently Asked Questions
What is CVE-2025-12995? +
How severe is CVE-2025-12995? +
What products are affected by CVE-2025-12995? +
How do I check if I'm vulnerable to CVE-2025-12995? +
Related Vulnerabilities
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to …
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web …
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to …
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary …
This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …