Denial of Service Vulnerability in Dräger Perseus A500 Software by Dräger
CVE-2019-25723

6.3MEDIUM

Key Information:

Vendor: Dräger
Status: Perseus A500
Vendor: CVE Published:; 2 June 2026

What is CVE-2019-25723?

The Dräger Perseus A500 software, specifically versions 2.00 through 2.02, is susceptible to an improper input handling vulnerability. This flaw allows external attackers to exploit the Medibus interface by sending specially crafted non-compliant data. Consequently, the internal processor may become overloaded, which can lead to a denial of service condition. This results in a temporary interruption of ventilation as the system may trigger a warm restart, causing critical ventilation pressure to drop to ambient levels before therapy resumes, potentially jeopardizing patient safety.

Affected Version(s)

Perseus A500 2.00

Perseus A500 2.01

Perseus A500 2.02

References

https://static.draeger.com/security

vendor-advisory

https://www.vulncheck.com/advisories/dr-ger-perseus-a500-...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2019-25723 Data

JSON