CVE-2025-15653

Published: Giu 03, 2026 Last Modified: Giu 03, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,0
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 6,8
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to impair therapy functions, manipulate device-processed data, or leverage the device as a pivot point for broader network-based attacks when connected to a network or Dräger Service Connect.

668

Exposure of Resource to Wrong Sphere

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Other
Potential Impacts:
Read Application Data Modify Application Data Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
https://www.draeger.com/security
https://www.draeger.com/security
https://www.vulncheck.com/advisories/dr-ger-zeus-ie-anesthe…
https://www.vulncheck.com/advisories/dr-ger-zeus-ie-anesthesia-workstation-usb-…