CVE-2025-14095 (GCVE-0-2025-14095)
Vulnerability from cvelistv5 – Published: 2025-12-17 11:45 – Updated: 2025-12-17 21:46
Title
Privilege boundary violation in Radiometer Products
Summary
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.
Other related CVEs are CVE-2025-14096 & CVE-2025-14097.
Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required configuration for Exposure:
Physical access to the analyzer is needed.
Temporary workaround:
Only authorized people can physically access the analyzer.
Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.
Note:
CVSS score 6.8 when underlying OS is Windows 7 or Windows XP operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
Severity
6.8 (Medium)
5.7 (Medium)
Assigner
Radiometer
References
https://www.radiometer.com/myradiometer
Impacted products
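| Vendor | Product | Version |
|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers | Affected: All application software versions with Windows 7, Windows XP as underlying OS (ABL90 DMS(Data Management System) Application); Affected: Application software versions < 3.5MR11 with Windows 10 as underlying OS |
| Radiometer Medical Aps | AQT90 FLEX Analyzers | Affected: All Application software versions <= 8.13 MR2 (AQT90 DMS(Data Management System) Application) |
| Radiometer Medical Aps | ABL800 BASIC and ABL800 FLEX Analyzers | Affected: Application software versions < 6.20 MR2 with Windows 7, Windows XP as underlying OS (ABL800 DMS(Data Management System)); Affected: Application software versions < 6.20 MR2 with Windows 10 as underlying OS (ABL800 DMS(Data Management System)) |
| Radiometer Medical Aps | ABL9 Analyzers | Affected: Application software versions < 1.5.0 (CABO application) |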
Credits
Florian Hauser and Fabian Weber from CODE WHITE GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-14095",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:46:47.889591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:46:57.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ABL90 FLEX and ABL90 FLEX PLUS Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All application software versions with Windows 7, Windows XP as underlying OS",
"versionType": "ABL90 DMS(Data Management System) Application"
},
{
"status": "affected",
"version": "Application software versions \u003c 3.5MR11 with Windows 10 as underlying OS"
}
]
},
{
"defaultStatus": "unaffected",
"product": "AQT90 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "All Application software versions \u003c= 8.13 MR2",
"versionType": "AQT90 DMS(Data Management System) Application"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL800 BASIC and ABL800 FLEX Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 7, Windows XP as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
},
{
"status": "affected",
"version": "Application software versions \u003c 6.20 MR2 with Windows 10 as underlying OS",
"versionType": "ABL800 DMS(Data Management System)"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ABL9 Analyzers",
"vendor": "Radiometer Medical Aps",
"versions": [
{
"status": "affected",
"version": "Application software versions \u003c 1.5.0",
"versionType": "CABO application"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Physical access to the analyzer is needed\n\n\u003cbr\u003e"
}
],
"value": "Physical access to the analyzer is needed"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Florian Hauser and Fabian Weber from CODE WHITE GmbH"
}
],
"datePublic": "2025-11-04T12:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eOther related CVE\u0027s are CVE-2025-14096 \u0026amp; CVE-2025-14097.\u003cbr\u003e\u003cbr\u003eAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\u003cbr\u003e\u003cbr\u003eRequired configuration for Exposure:\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ePhysical access to the analyzer is needed.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eTemporary work Around:\u003cbr\u003e\n\nOnly authorized people can physically access the analyzer. \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003ePermanent solution:\u003cbr\u003e\u003c/span\u003eLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eExploit Status:\u003cbr\u003eResearchers have provided working proof-of-concept. 
Radiometer is not aware of any publicly available exploit at the time of publication.\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; Note: \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u003c/span\u003e\u0026nbsp;and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A \"Privilege boundary violation\" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.\u00a0\n\nOther related CVE\u0027s are CVE-2025-14096 \u0026 CVE-2025-14097.\n\nAffected customers have been informed about this vulnerability. This CVE is being published to provide transparency.\n\nRequired configuration for Exposure:\n\n\nPhysical access to the analyzer is needed.\n\nTemporary work Around:\n\n\nOnly authorized people can physically access the analyzer. \n\nPermanent solution:\nLocal Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\nExploit Status:\nResearchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Note: \n\nCVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems\u00a0and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.\n\n\u003cbr\u003e"
}
],
"value": "Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233: Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Windows7 or WinXp"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "When underlying OS is Win8, Win10"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 \u2014 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T14:07:28.754Z",
"orgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"shortName": "Radiometer"
},
"references": [
{
"url": "https://www.radiometer.com/myradiometer"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Local Radiometer representatives will contact all affected customers to discuss a permanent solution."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-12-17T12:55:00.000Z",
"value": "CVE published"
}
],
"title": "Privilege boundary violation in Radiometer Products",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only authorized people can physically access the analyzer.\n\n\n\n\u003cbr\u003e"
}
],
"value": "Only authorized people can physically access the analyzer."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "46b595e9-1acc-41cb-9398-adaf98d37a9b",
"assignerShortName": "Radiometer",
"cveId": "CVE-2025-14095",
"datePublished": "2025-12-17T11:45:43.341Z",
"dateReserved": "2025-12-05T10:49:53.501Z",
"dateUpdated": "2025-12-17T21:46:57.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}