CVE-2025-15653 HIGH

CVE-2025-15653: Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Vendor Dräger
Product Zeus IE
Weakness CWE-668
Published June 2, 2026
Last update June 3, 2026

CVSS base score

7.0/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to impair therapy functions, manipulate device-processed data, or leverage the device as a pivot point for broader network-based attacks when connected to a network or Dräger Service Connect.

Key dates

02Disclosure timeline

June 2, 2026 CVE published
June 3, 2026 Record updated