Cyber Resilience

CVE-2019-25720

High · Public PoC

Published: 03 June 2026
Modified: 04 June 2026
KEV Added
Patch
CVSS Score v4: 7.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0020 (9.8th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2019-25720 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Draeger (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, it is ranked at the 9.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

CWE(s)

Related Threats

CVEs Like This One

CVE-2026-24087 (Shared CWE-1286)
CVE-2026-24092 (Shared CWE-1286)
CVE-2026-21917 (Shared CWE-1286)
CVE-2025-22868 (Shared CWE-1286)
CVE-2026-24091 (Shared CWE-1286)
CVE-2025-0638 (Shared CWE-1286)
CVE-2025-41719 (Shared CWE-1286)
CVE-2026-7307 (Shared CWE-1286)
CVE-2026-24089 (Shared CWE-1286)
CVE-2026-40198 (Shared CWE-1286)

Affected Assets

Draeger
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References