VDE-2025-028

Vulnerability from csaf_certvde - Published: 2025-08-05 10:00 - Updated: 2026-01-06 11:00
Summary
Draeger: ICMHelper is vulnerable to a privilege escalation
Severity
High
Notes
Summary: A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. A low privileged local attacker could exploit this vulnerability to issue OS commands with the highest privileges.
Impact: The vulnerability CVE-2025-41698 allows an attacker to gain full access to application, sensitive information, client system and server. This requires successful exploitation of CVE-2025-2810.
Disclaimer: If you have any further questions related to the impact of the vulnerabilities, please contact your designated regional marketing manager. For reporting incidents and potential vulnerabilities in our devices, please refer to https://static.draeger.com/security to contact the Product Security team directly. The full text of this advisory can be accessed through https://static.draeger.com/security.
Remediation: The issue has been fixed in ICMHelper version 2.0.1.0.
CVE-2025-2810

A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.

5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-321 - Use of Hard-coded Cryptographic Key
Vendor Fix The issue has been fixed in ICMHelper version 2.0.1.0.
CVE-2025-41698

A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.

7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-862 - Missing Authorization
Vendor Fix The issue has been fixed in ICMHelper version 2.0.1.0.
References
Acknowledgments
CERT@VDE certvde.com
CODE WHITE GmbH
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "organization": "CODE WHITE GmbH",
        "summary": "responsible disclosure"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "high"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A security vulnerability was identified in the ICMHelper service running on the system of an ICM installation. \nA low privileged local attacker could exploit this vulnerability to issue OS commands with the highest privileges.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "The vulnerability CVE-2025-41698 allows an attacker to gain full access to application, sensitive information, client system and server. This requires successful exploitation of CVE-2025-2810.\n",
        "title": "Impact"
      },
      {
        "category": "legal_disclaimer",
        "text": "If you have any further questions related to the impact of the vulnerabilities, please contact your designated regional marketing manager. For reporting incidents and potential vulnerabilities in our devices, please refer to https://static.draeger.com/security to contact the Product Security team directly.\nThe full text of this advisory can be accessed through https://static.draeger.com/security.",
        "title": "Disclaimer"
      },
      {
        "category": "description",
        "text": "The issue has been fixed in ICMHelper version 2.0.1.0. ",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "csaf@certvde.com",
      "name": "CERT@VDE",
      "namespace": "https://certvde.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2025-028: Draeger: ICMHelper is vulnerable to a privilege escalation - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2025-028/"
      },
      {
        "category": "self",
        "summary": "VDE-2025-028: Draeger: ICMHelper is vulnerable to a privilege escalation - CSAF",
        "url": "https://certvde.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-028.json"
      }
    ],
    "title": "Draeger: ICMHelper is vulnerable to a privilege escalation",
    "tracking": {
      "aliases": [
        "VDE-2025-028"
      ],
      "current_release_date": "2026-01-06T11:00:00.000Z",
      "generator": {
        "date": "2026-01-08T09:24:24.699Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.41"
        }
      },
      "id": "VDE-2025-028",
      "initial_release_date": "2025-08-05T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-08-05T10:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2025-12-15T11:00:00.000Z",
          "number": "2.0.0",
          "summary": "Changes to publisher\nAdded CPEs as product_identification_helper"
        },
        {
          "date": "2026-01-06T11:00:00.000Z",
          "number": "3.0.0",
          "summary": "fixed version range, fixed Aggregate severity, changed vulnerability Title to CVE description, fix CPE to have at least one for affected products"
        }
      ],
      "status": "final",
      "version": "3.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:generic/\u003c=1.4.0.1",
                        "product": {
                          "name": "Draeger ICMHelper \u003c=1.4.0.1",
                          "product_id": "CSAFPID-0001",
                          "product_identification_helper": {
                            "cpe": "cpe:2.3:a:Draeger:ICMHelper:1.4.0.1*:*:*:*:*:*:*:*"
                          }
                        }
                      },
                      {
                        "category": "product_version",
                        "name": "2.0.1.0",
                        "product": {
                          "name": "Draeger ICMHelper 2.0.1.0",
                          "product_id": "CSAFPID-0002",
                          "product_identification_helper": {
                            "cpe": "cpe:2.3:a:Draeger:ICMHelper:2.0.1.0:*:*:*:*:*:*:*"
                          }
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "ICMHelper"
                  }
                ],
                "category": "product_family",
                "name": "ICM"
              }
            ],
            "category": "product_family",
            "name": "Patient Monitoring"
          }
        ],
        "category": "vendor",
        "name": "Draeger"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-2810",
      "cwe": {
        "id": "CWE-321",
        "name": "Use of Hard-coded Cryptographic Key"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The issue has been fixed in ICMHelper version 2.0.1.0. ",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 5.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2025-2810"
    },
    {
      "cve": "CVE-2025-41698",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0002"
        ],
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The issue has been fixed in ICMHelper version 2.0.1.0. ",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ],
      "title": "CVE-2025-41698"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.