Cyber Resilience

CVE-2019-25716

HighPublic PoC

Published: 01 June 2026

Published
01 June 2026
Modified
03 June 2026
KEV Added
Patch
CVSS Score v4 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0020 9.9th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-25716 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Draeger (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, ranked at the 9.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring…

more

until the device falls back to default configuration and loses network connectivity.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Draeger
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-15

The policy and procedures establish internal controls and change management for system configuration settings, reducing the feasibility of external unauthorized modifications.

addresses: CWE-15

Baseline configuration under change control directly prevents unauthorized external modification of system or configuration settings.

addresses: CWE-15

Requires approval, documentation, and security impact review of all configuration changes, directly preventing unauthorized external control of system settings.

addresses: CWE-15

Impact analysis of configuration changes reduces the risk of deploying settings that permit unauthorized external control.

addresses: CWE-15

Restricting changes to system and configuration settings prevents external entities from controlling those settings without approval.

addresses: CWE-15

Establishing, implementing, approving deviations from, and monitoring configuration settings directly prevents external or unauthorized control of system settings.

addresses: CWE-15

The plan defines processes for identifying and managing configuration items, preventing external unauthorized control of system settings.

addresses: CWE-15

Vulnerability scanners directly detect externally controllable or misconfigured settings using standardized checklists.

References