Network-based Denial of Service in Dräger Infinity M300 Patient Monitors
CVE-2019-25721

7.1HIGH

Key Information:

Vendor: Dräger
Status: Infinity M300
Vendor: CVE Published:; 2 June 2026

What is CVE-2019-25721?

The Dräger Infinity M300 patient worn monitors with software versions VG2.3.1 and earlier are susceptible to a network-based denial of service vulnerability. This flaw enables attackers positioned on the same network to exploit the device by sending crafted malicious requests, which can cause the monitor to enter a fail state. This results in repeated device reboots, leading to significant interruptions in wireless connectivity and potentially halting critical patient monitoring functions. This vulnerability highlights the importance of securing medical devices to ensure continuous and reliable patient care.

Affected Version(s)

Infinity M300 0

Infinity M300 VG2.3.2

References

https://static.draeger.com/security

vendor-advisory

https://www.vulncheck.com/advisories/dr-ger-infinity-m300...

third-party-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2019-25721 Data

JSON