Search criteria
6 vulnerabilities found for ABL800 BASIC and ABL800 FLEX analyzers by Radiometer Medical Aps
CVE-2025-14097 (GCVE-0-2025-14097)
Vulnerability from nvd – Published: 2025-12-17 12:36 – Updated: 2025-12-17 14:41
VLAI?
Title
Remote Code Execution Vulnerability in Radiometer Products
Summary
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution:
Customers should ensure the following:
• The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
Severity ?
7.2 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
Application software versions < 3.5MR11 with Windows 7, Windows XP operating systems
(ABL90 DMS (Data Management system))
Unaffected: Application software versions >= 3.5MR11 with Windows 10 operating system (ABL90 DMS (Data Management system)) |
||||||||||||
|
||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T14:40:30.048229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:41:13.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 7, Windows XP operating systems",
"versionType": "ABL90 DMS (Data Management system)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 3.5MR11 with Windows 10 operating system",
"versionType": "ABL90 DMS (Data Management system)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20MR2 with Windows 7, Windows XP operating systems",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 6.20MR2 with Windows 10 operating system",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c= 8.13 MR2 with Windows 7, Windows XP operating systems",
"versionType": "AQT90 DMS (Data Management System)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 8.13 MR2 with Windows 10 operating system",
"versionType": "AQT90 DMS (Data Management System)"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected application software version is in use AND Remote support feature is enabled in the Analyzer.\n\n\u003cbr\u003e"
}
],
"value": "Affected application software version is in use AND Remote support feature is enabled in the Analyzer."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-12-17T12:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer\u2019s application software.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Other related CVE\u0027s are CVE-2025-14095 \u0026amp; CVE-2025-14096.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eRequired Configuration for Exposure:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected application software version is in use and remote support feature is enabled in the analyzer.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003eTemporary work Around: If the network is not considered secure, please remove the analyzer from the network.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Permanent solution:\u003cbr\u003eCustomers should ensure the following:\u003cbr\u003e\u2022 The network is secure, and access follows best practices.\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cbr\u003eExploit Status:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResearchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer\u2019s application software.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Other related CVE\u0027s are CVE-2025-14095 \u0026 CVE-2025-14096.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\n\n\nRequired Configuration for Exposure:\u00a0Affected application software version is in use and remote support feature is enabled in the analyzer.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Permanent solution:\nCustomers should ensure the following:\n\u2022 The network is secure, and access follows best practices.\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\nExploit Status:\n\n\nResearchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555: Remote Services with Stolen Credentials"
}
]
},
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653: Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T13:14:55.334Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should ensure the following:\u003cbr\u003e\u2022 The network is secure, and access follows best practices.\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Customers should ensure the following:\n\u2022 The network is secure, and access follows best practices.\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:35:00.000Z",
"value": "CVE Published"
}
],
"title": "Remote Code Execution Vulnerability in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If the network is not considered secure, please remove the analyzer from the network."
}
],
"value": "If the network is not considered secure, please remove the analyzer from the network."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14097",
"datePublished": "2025-12-17T12:36:03.779Z",
"dateReserved": "2025-12-05T10:50:03.683Z",
"dateUpdated": "2025-12-17T14:41:13.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14096 (GCVE-0-2025-14096)
Vulnerability from nvd – Published: 2025-12-17 12:19 – Updated: 2025-12-17 14:43
VLAI?
Title
Credential Disclosure vulnerability in Radiometer Products
Summary
A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.
Other related CVE's are CVE-2025-14095 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure:
Attacker requires physical access to the analyzer.
Temporary work Around:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.
Severity ?
8.4 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
Windows 7 Operating system
(Radiometer Customized Windows Operating System)
Affected: Windows XP Operating system (Radiometer Customized Windows Operating System) |
||||||||||||
|
||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T14:42:57.843796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:43:16.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows XP",
"Windows 7"
],
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7",
"Windows XP"
],
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7",
"Windows XP"
],
"product": "ABL800 BASIC and ABL800 FLEX analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Requires physical access to the Analyzer.\n\n\u003cbr\u003e"
}
],
"value": "Requires physical access to the Analyzer."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14095 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRequired Configuration for Exposure:\u003cbr\u003e\u003c/span\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAttacker requires physical access to the analyzer.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003eOnly authorized people can physically access the analyzer.\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cbr\u003e\u003cbr\u003eExploit Status:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResearchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.\n\nOther related CVE\u0027s are CVE-2025-14095 \u0026 CVE-2025-14097.\n\n\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\n\n\n\n\nRequired Configuration for Exposure:\n\n\nAttacker requires physical access to the analyzer.\n\n\n\nTemporary work Around:\nOnly authorized people can physically access the analyzer.\n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\nExploit Status:\n\n\nResearchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication."
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 \u2014 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T13:03:05.696Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T13:01:00.000Z",
"value": "CVE Published"
}
],
"title": "Credential Disclosure vulnerability in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14096",
"datePublished": "2025-12-17T12:19:27.489Z",
"dateReserved": "2025-12-05T10:50:00.566Z",
"dateUpdated": "2025-12-17T14:43:16.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14095 (GCVE-0-2025-14095)
Vulnerability from nvd – Published: 2025-12-17 11:45 – Updated: 2025-12-17 21:46
VLAI?
Title
Privilege boundary violation in Radiometer Products
Summary
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.
Other related CVE's are CVE-2025-14096 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required configuration for Exposure:
Physical access to the analyzer is needed.
Temporary work Around:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note:
CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
Severity ?
6.8 (Medium)
5.7 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
All application software versions with Windows 7, Windows XP as underlying OS
(ABL90 DMS(Data Management System) Application)
Affected: Application software versions < 3.5MR11 with Windows 10 as underlying OS |
|||||||||||||||||
|
|||||||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:46:47.889591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:46:57.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All application software versions with Windows 7, Windows XP as underlying OS",
"versionType": "ABL90 DMS(Data Management System) Application"
},
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 10 as underlying OS"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All Application software versions \u003c= 8.13 MR2",
"versionType": "AQT90 DMS(Data Management System) Application"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 7, Windows XP as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 10 as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL9 Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 1.5.0",
"versionType": "CABO application"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical access to the analyzer is needed\n\n\u003cbr\u003e"
}
],
"value": "Physical access to the analyzer is needed"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-11-04T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14096 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003cbr\u003e\u003cbr\u003eRequired configuration for Exposure:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePhysical access to the analyzer is needed.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003e\n\nOnly authorized people can physically access the analyzer. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003e\u003c/span\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExploit Status:\u003cbr\u003eResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Note: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u003c/span\u003e\u0026nbsp;and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u00a0\n\nOther related CVE\u0027s are CVE-2025-14096 \u0026 CVE-2025-14097.\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\nRequired configuration for Exposure:\n\n\nPhysical access to the analyzer is needed.\n\nTemporary work Around:\n\n\nOnly authorized people can physically access the analyzer. \n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\nExploit Status:\nResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Note: \n\nCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u00a0and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Windows7 or WinXp"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Win8, Win10"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 \u2014 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:07:28.754Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:55:00.000Z",
"value": "CVE published"
}
],
"title": "Privilege boundary violation in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14095",
"datePublished": "2025-12-17T11:45:43.341Z",
"dateReserved": "2025-12-05T10:49:53.501Z",
"dateUpdated": "2025-12-17T21:46:57.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14097 (GCVE-0-2025-14097)
Vulnerability from cvelistv5 – Published: 2025-12-17 12:36 – Updated: 2025-12-17 14:41
VLAI?
Title
Remote Code Execution Vulnerability in Radiometer Products
Summary
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution:
Customers should ensure the following:
• The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
Severity ?
7.2 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
Application software versions < 3.5MR11 with Windows 7, Windows XP operating systems
(ABL90 DMS (Data Management system))
Unaffected: Application software versions >= 3.5MR11 with Windows 10 operating system (ABL90 DMS (Data Management system)) |
||||||||||||
|
||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T14:40:30.048229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:41:13.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 7, Windows XP operating systems",
"versionType": "ABL90 DMS (Data Management system)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 3.5MR11 with Windows 10 operating system",
"versionType": "ABL90 DMS (Data Management system)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20MR2 with Windows 7, Windows XP operating systems",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 6.20MR2 with Windows 10 operating system",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c= 8.13 MR2 with Windows 7, Windows XP operating systems",
"versionType": "AQT90 DMS (Data Management System)"
},
{
"status": "unaffected",
"version": "Application software versions \u003e= 8.13 MR2 with Windows 10 operating system",
"versionType": "AQT90 DMS (Data Management System)"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Affected application software version is in use AND Remote support feature is enabled in the Analyzer.\n\n\u003cbr\u003e"
}
],
"value": "Affected application software version is in use AND Remote support feature is enabled in the Analyzer."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-12-17T12:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer\u2019s application software.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Other related CVE\u0027s are CVE-2025-14095 \u0026amp; CVE-2025-14096.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eRequired Configuration for Exposure:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected application software version is in use and remote support feature is enabled in the analyzer.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003c/span\u003eTemporary work Around: If the network is not considered secure, please remove the analyzer from the network.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;Permanent solution:\u003cbr\u003eCustomers should ensure the following:\u003cbr\u003e\u2022 The network is secure, and access follows best practices.\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;\u003cbr\u003eExploit Status:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResearchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer\u2019s application software.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Other related CVE\u0027s are CVE-2025-14095 \u0026 CVE-2025-14096.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\n\n\nRequired Configuration for Exposure:\u00a0Affected application software version is in use and remote support feature is enabled in the analyzer.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Permanent solution:\nCustomers should ensure the following:\n\u2022 The network is secure, and access follows best practices.\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\nExploit Status:\n\n\nResearchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication."
}
],
"impacts": [
{
"capecId": "CAPEC-555",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-555: Remote Services with Stolen Credentials"
}
]
},
{
"capecId": "CAPEC-653",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-653: Use of Known Operating System Credentials"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T13:14:55.334Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers should ensure the following:\u003cbr\u003e\u2022 The network is secure, and access follows best practices.\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Customers should ensure the following:\n\u2022 The network is secure, and access follows best practices.\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:35:00.000Z",
"value": "CVE Published"
}
],
"title": "Remote Code Execution Vulnerability in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If the network is not considered secure, please remove the analyzer from the network."
}
],
"value": "If the network is not considered secure, please remove the analyzer from the network."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14097",
"datePublished": "2025-12-17T12:36:03.779Z",
"dateReserved": "2025-12-05T10:50:03.683Z",
"dateUpdated": "2025-12-17T14:41:13.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14096 (GCVE-0-2025-14096)
Vulnerability from cvelistv5 – Published: 2025-12-17 12:19 – Updated: 2025-12-17 14:43
VLAI?
Title
Credential Disclosure vulnerability in Radiometer Products
Summary
A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.
Other related CVE's are CVE-2025-14095 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure:
Attacker requires physical access to the analyzer.
Temporary work Around:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.
Severity ?
8.4 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
Windows 7 Operating system
(Radiometer Customized Windows Operating System)
Affected: Windows XP Operating system (Radiometer Customized Windows Operating System) |
||||||||||||
|
||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14096",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T14:42:57.843796Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:43:16.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows XP",
"Windows 7"
],
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7",
"Windows XP"
],
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7",
"Windows XP"
],
"product": "ABL800 BASIC and ABL800 FLEX analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Windows 7 Operating system",
"versionType": "Radiometer Customized Windows Operating System"
},
{
"status": "affected",
"version": "Windows XP Operating system",
"versionType": "Radiometer Customized Windows Operating System"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Requires physical access to the Analyzer.\n\n\u003cbr\u003e"
}
],
"value": "Requires physical access to the Analyzer."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14095 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRequired Configuration for Exposure:\u003cbr\u003e\u003c/span\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAttacker requires physical access to the analyzer.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003eOnly authorized people can physically access the analyzer.\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cbr\u003e\u003cbr\u003eExploit Status:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResearchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.\n\nOther related CVE\u0027s are CVE-2025-14095 \u0026 CVE-2025-14097.\n\n\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\n\n\n\n\nRequired Configuration for Exposure:\n\n\nAttacker requires physical access to the analyzer.\n\n\n\nTemporary work Around:\nOnly authorized people can physically access the analyzer.\n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\nExploit Status:\n\n\nResearchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication."
}
],
"impacts": [
{
"capecId": "CAPEC-69",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-69 \u2014 Target Programs with Elevated Privileges"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798: Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T13:03:05.696Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T13:01:00.000Z",
"value": "CVE Published"
}
],
"title": "Credential Disclosure vulnerability in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14096",
"datePublished": "2025-12-17T12:19:27.489Z",
"dateReserved": "2025-12-05T10:50:00.566Z",
"dateUpdated": "2025-12-17T14:43:16.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-14095 (GCVE-0-2025-14095)
Vulnerability from cvelistv5 – Published: 2025-12-17 11:45 – Updated: 2025-12-17 21:46
VLAI?
Title
Privilege boundary violation in Radiometer Products
Summary
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.
Other related CVE's are CVE-2025-14096 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required configuration for Exposure:
Physical access to the analyzer is needed.
Temporary work Around:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. Note:
CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
Severity ?
6.8 (Medium)
5.7 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers |
Affected:
All application software versions with Windows 7, Windows XP as underlying OS
(ABL90 DMS(Data Management System) Application)
Affected: Application software versions < 3.5MR11 with Windows 10 as underlying OS |
|||||||||||||||||
|
|||||||||||||||||||
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:46:47.889591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:46:57.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All application software versions with Windows 7, Windows XP as underlying OS",
"versionType": "ABL90 DMS(Data Management System) Application"
},
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 10 as underlying OS"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All Application software versions \u003c= 8.13 MR2",
"versionType": "AQT90 DMS(Data Management System) Application"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 7, Windows XP as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 10 as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL9 Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 1.5.0",
"versionType": "CABO application"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical access to the analyzer is needed\n\n\u003cbr\u003e"
}
],
"value": "Physical access to the analyzer is needed"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-11-04T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14096 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003cbr\u003e\u003cbr\u003eRequired configuration for Exposure:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePhysical access to the analyzer is needed.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003e\n\nOnly authorized people can physically access the analyzer. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003e\u003c/span\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExploit Status:\u003cbr\u003eResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Note: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u003c/span\u003e\u0026nbsp;and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u00a0\n\nOther related CVE\u0027s are CVE-2025-14096 \u0026 CVE-2025-14097.\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\nRequired configuration for Exposure:\n\n\nPhysical access to the analyzer is needed.\n\nTemporary work Around:\n\n\nOnly authorized people can physically access the analyzer. \n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\nExploit Status:\nResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Note: \n\nCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u00a0and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Windows7 or WinXp"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Win8, Win10"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 \u2014 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:07:28.754Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:55:00.000Z",
"value": "CVE published"
}
],
"title": "Privilege boundary violation in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14095",
"datePublished": "2025-12-17T11:45:43.341Z",
"dateReserved": "2025-12-05T10:49:53.501Z",
"dateUpdated": "2025-12-17T21:46:57.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}