CVE-2025-15653
MEDIUMDräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation
Title source: cnaDescription
Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to impair therapy functions, manipulate device-processed data, or leverage the device as a pivot point for broader network-based attacks when connected to a network or Dräger Service Connect.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://www.draeger.com/security
Vendor Advisory vendor-advisory
https://static.draeger.com/security/download/Product-Security-Advisory-25-349-Zeus.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/dr-ger-zeus-ie-anesthesia-workstation-usb-interface-privilege-escalation
Scores
CVSS v3
6.8
EPSS
0.0017
EPSS Percentile
6.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-668
Status
published
Products (2)
Dräger/Zeus IE
< 1.0.5
Dräger/Zeus RS C500
< 1.0.9
Published
Jun 02, 2026
Tracked Since
Jun 03, 2026