Home

Description

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to impair therapy functions, manipulate device-processed data, or leverage the device as a pivot point for broader network-based attacks when connected to a network or Dräger Service Connect.

PUBLISHED Reserved 2026-06-02 | Published 2026-06-02 | Updated 2026-06-02 | Assigner VulnCheck




HIGH: 7.0CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-668 Exposure of Resource to Wrong Sphere

Product status

Default status
unknown

Any version before 1.0.5
affected

Default status
unknown

Any version before 1.0.9
affected

References

www.draeger.com/security vendor-advisory

www.vulncheck.com/...tion-usb-interface-privilege-escalation third-party-advisory

cve.org (CVE-2025-15653)

nvd.nist.gov (CVE-2025-15653)

Download JSON