Local Security Vulnerability in Dräger Zeus Infinity Empowered Anesthesia Workstations
CVE-2025-15653

7HIGH

Key Information:

Vendor: Dräger
Status: Zeus Ie; Zeus Rs C500
Vendor: CVE Published:; 2 June 2026

What is CVE-2025-15653?

Dräger Zeus Infinity Empowered and Zeus RS C500 anesthesia workstations are susceptible to a local security vulnerability that can be exploited by unauthorized individuals with physical access. This vulnerability arises from the unprotected USB interfaces that allow attackers to manipulate the integrity of the workstation's software. By exploiting this flaw, attackers can disrupt therapy functions, alter device-processed data, or even use the workstation as a gateway to launch broader network attacks, especially when the device is connected to a network or Dräger Service Connect.

Affected Version(s)

Zeus IE 0 < 1.0.5

Zeus RS C500 0 < 1.0.9

References

https://www.draeger.com/security

vendor-advisory

https://www.vulncheck.com/advisories/dr-ger-zeus-ie-anest...

third-party-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2025-15653 Data

JSON