PT-2025-49127 · Medtronic · Medtronic CareLink Network
Ionut Cernica · Published 2025-12-04 · Updated 2025-12-22
CVE-2025-12997
CVSS v3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Medtronic CareLink Network versions prior to December 4, 2025
Description
An Insecure Direct Object Reference (IDOR) issue exists in Medtronic CareLink Network. An authenticated attacker who possesses specific device and user information can submit web requests to an API endpoint and potentially expose sensitive user information. The vulnerable API endpoint and the vulnerable parameters or variables are not specified.
Recommendations
Update Medtronic CareLink Network to a version released on or after December 4, 2025.
Fix
IDOR
Affected Products
Medtronic CareLink Network