Network-Based Denial of Service Vulnerability in Dräger Infinity M300 Patient Monitors
CVE-2019-25724
7.1 HIGH
What is CVE-2019-25724?
Dräger Infinity M300 patient monitors running software version VG2.x and earlier are susceptible to a network-based denial of service vulnerability. Attackers with access to the hospital or Infinity Network can exploit this flaw to trigger repeated device reboots. Exploitation leaves the monitor in a fail state that requires manual intervention to restart. Successful exploitation can cause significant disruption, including loss of wireless connectivity, temporary lapses in patient monitoring, and interruptions in alarm functionality, posing a serious risk to patient safety.
Affected Version(s)
Infinity M300 VG2.x and earlier
Infinity M300 VG3.0
