CVE-2019-25718
Awaiting Analysis
Privilege Escalation in Dräger Infinity Explorer C700 Kiosk Mode

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-03
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Affected Vendors & Products
Showing 1 associated CPE
Vendor: dräger
Product: infinity_explorer_c700
Version / Range: *
CWE ID: CWE-451
Description: The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Compliance Impact

The provided information does not specify how the privilege escalation vulnerability in Dräger Infinity Explorer C700 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The Dräger Infinity Explorer C700 device contains a privilege escalation vulnerability that allows attackers to escape from kiosk mode by interacting with a specific dialog. This escape enables attackers to access the underlying operating system.

Once the attacker gains control of the operating system, they can manipulate the device to display incorrect information or no information at all from the connected Delta Family patient monitor.

Impact Analysis

This vulnerability can allow an attacker to take control of the device's operating system by escaping kiosk mode.

As a result, the attacker can cause the device to show incorrect or missing patient monitoring data, which could lead to misinformed clinical decisions and potentially harm patients.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to follow Dräger's coordinated disclosure and security update procedures.

This includes reporting the vulnerability responsibly to Dräger Security, awaiting their verification and fix development, and applying any released updates or patches promptly.

Additionally, coordinate with Dräger to minimize risks to users and follow their guidelines for secure communication and responsible security testing.
