Medtronic CareLink Network Insecure Direct Object Reference Vulnerability Allowing Exposure of Sensitive User Information

Vulnerability

An insecure direct object reference vulnerability exists in the Medtronic CareLink Network, affecting versions prior to December 4, 2025. This vulnerability allows an authenticated attacker with access to specific device and user information to send web requests to an API endpoint that could reveal sensitive user data. The issue is limited to the non-medical portion of the CareLink Network and does not impact CareLink home monitors or app-based monitors.

Impact

Exploitation of this vulnerability could lead to unauthorized exposure of sensitive user information by allowing an attacker to manipulate API requests and access data that should be protected.
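The advisory describes the classic IDOR shape: the endpoint verifies that the caller is logged in but not that the caller is entitled to the specific record named in the request. The following Python is an added illustration of that pattern and its fix, not Medtronic's code; the profile records, the `/api/profile/<id>` path, the session model, the `support` role and the log lines are all constructed for the example. It pairs a vulnerable handler with an object-level authorization check, and adds a small log heuristic that flags one session reading many distinct record ids, which is what probing of such an endpoint looks like from the server side.

```python
# Hypothetical IDOR example (not the CareLink Network's code): vulnerable handler,
# hardened handler, and a log-based detection heuristic. All data is constructed.
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Session:
    user_id: str
    roles: frozenset = field(default_factory=frozenset)


class Forbidden(Exception):
    pass


# Constructed sample records keyed by a sequential integer id (the kind of
# predictable key that makes object references easy to guess).
PROFILES = {
    101: {"owner": "u-alice", "dob": "1970-01-01", "device_serial": "DEV-0001"},
    102: {"owner": "u-bob", "dob": "1982-05-09", "device_serial": "DEV-0002"},
}


def get_profile_vulnerable(session, profile_id):
    """Checks only that a session exists: any authenticated user can read any id."""
    if session is None:
        raise Forbidden("login required")
    return PROFILES[profile_id]


def get_profile_hardened(session, profile_id):
    """Authentication plus object-level authorization.

    The caller must own the record or hold an explicit 'support' role (a
    hypothetical role name). Missing and not-owned records produce the same
    error so the response does not confirm which ids exist.
    """
    if session is None:
        raise Forbidden("login required")
    record = PROFILES.get(profile_id)
    owned = record is not None and record["owner"] == session.user_id
    privileged = "support" in session.roles
    if record is None or not (owned or privileged):
        raise Forbidden("not authorized for this record")
    return record


# Constructed access-log lines: "<timestamp> <session> GET <path> <status>".
LOG_LINES = [
    "2025-12-04T10:00:01Z sess-A GET /api/profile/101 200",
    "2025-12-04T10:00:02Z sess-A GET /api/profile/102 200",
    "2025-12-04T10:00:03Z sess-A GET /api/profile/103 200",
    "2025-12-04T10:00:04Z sess-A GET /api/profile/104 200",
    "2025-12-04T10:00:05Z sess-B GET /api/profile/102 200",
    "garbage line that does not match",
]

LOG_RE = re.compile(r"^\S+ (\S+) GET /api/profile/(\d+) (\d{3})$")


def flag_enumeration(lines, threshold=3):
    """Return sessions that successfully read at least `threshold` distinct ids.

    A legitimate user touches their own record; a session walking through many
    ids with 200 responses is the server-side signature of IDOR probing.
    """
    ids_by_session = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not profile reads
        session_id, profile_id, status = m.group(1), int(m.group(2)), m.group(3)
        if status == "200":
            ids_by_session.setdefault(session_id, set()).add(profile_id)
    return sorted(s for s, ids in ids_by_session.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(get_profile_vulnerable(Session("u-bob"), 101))  # Bob reads Alice's record
    try:
        get_profile_hardened(Session("u-bob"), 101)
    except Forbidden as exc:
        print("hardened handler refused:", exc)
    print("sessions to review:", flag_enumeration(LOG_LINES))
```

The fix is the ownership check in `get_profile_hardened`, not a more obscure id: unguessable ids reduce exposure but do not replace per-request authorization. The detection threshold is a tuning knob; on a real service it should be set from the normal number of records a single user touches, which for a self-service profile endpoint is usually one.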

Added: Dec 4, 2025, 8:26 PM
Updated: Dec 4, 2025, 8:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.