Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2019-25719 affects Dräger Infinity patient monitoring systems, critical devices used in acute care settings to track vital patient data. The vulnerability allows network-adjacent attackers to spoof or tamper with network messages, potentially modifying alarm states, alarm limits, and other clinical settings. Attackers require either access to an enabled Infinity network port or physical proximity to wireless access points. This poses severe risk to patient safety—manipulated alarms could mask deteriorating conditions or trigger false alerts—and availability, as attackers can overwhelm systems with denial-of-service conditions. Healthcare organizations using Dräger Infinity monitors (VG4.1.1, VG4.0.3, and earlier versions) are directly affected, making this a critical patch management priority.
While this CVE lacks explicit MITRE ATT&CK mapping, Casky's 754 security skills enable detection of the underlying attack patterns through network anomaly analysis and protocol integrity monitoring. Practitioners using Casky would identify suspicious indicators including: unexpected modifications to device configuration parameters without authenticated commands, abnormal network traffic patterns targeting the Infinity network port, and rapid sequences of incoming messages that correlate with system performance degradation. Claude's extended reasoning capabilities would correlate these signals with medical device firmware baselines and known tampering behaviors, alerting practitioners to potential Execution and Impact phases of an attack. While no specific MITRE technique codes apply here, detection focuses on unauthorized Command and Control communication and Resource Denial patterns typical of medical device exploitation.
© 2026 Casky.AI, Inc. · AI Security Investigation