CVE-2025-15653
Dräger Zeus Infinity Empowered USB Interface Security Bypass
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | zeus_infinity_empowered | * |
| dräger | zeus_rs_c500 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-668 | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. It is a local security issue that allows unauthorized individuals who have physical access to the device to compromise its software integrity by manipulating the USB interfaces. Because the USB interfaces are unprotected, attackers can exploit them to interfere with therapy functions, alter data processed by the device, or use the device as a pivot point to launch broader network attacks if the device is connected to a network or Dräger Service Connect.
How can this vulnerability impact me?
The impact of this vulnerability includes the potential impairment of therapy functions provided by the anesthesia workstations, manipulation of critical device-processed data, and the risk of the device being used as a pivot point for further network-based attacks. This could lead to compromised patient care, incorrect medical data, and broader security breaches within connected healthcare networks.