Medtronic CareLink Network User Enumeration Vulnerability

Vulnerability

A vulnerability in the Medtronic CareLink Network allows an unauthenticated remote attacker to send requests to an API endpoint for security questions, potentially leading to user account enumeration. This issue affects CareLink Network versions prior to December 4, 2025.

Impact

Exploitation of this vulnerability could allow an attacker to enumerate user accounts, determine valid passwords, and access user information through the application's API endpoints.

Added: Dec 4, 2025, 8:27 PM

Updated: Dec 4, 2025, 8:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

1.3

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Medtronic CareLink Network User Enumeration Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating