Severity by source
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Analysis
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).
RemediationAI
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
More in Carelink Network
View allMedtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint
A security vulnerability in Medtronic CareLink Network (CVSS 5.3) that allows an unauthenticated remote attacker. Remedi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201287