Description

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software.

Other related CVEs are CVE-2025-14095 and CVE-2025-14096.

Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.

Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer.

Temporary Workaround: If the network is not considered secure, please remove the analyzer from the network.

Permanent solution: Customers should ensure the following:
• The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.

Exploit Status: Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.

PUBLISHED Reserved 2025-12-05 | Published 2025-12-17 | Updated 2025-12-17 | Assigner Radiometer




HIGH: 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-287: Improper Authentication

Product status

Default status
unaffected

Application software versions < 3.5MR11 with Windows 7, Windows XP operating systems (ABL90 DMS (Data Management system))
affected

Application software versions >= 3.5MR11 with Windows 10 operating system (ABL90 DMS (Data Management system))
unaffected

Default status
unaffected

Application software versions < 6.20MR2 with Windows 7, Windows XP operating systems (ABL800 DMS (Data Management System))
affected

Application software versions >= 6.20MR2 with Windows 10 operating system (ABL800 DMS (Data Management System))
unaffected

Default status
unaffected

Application software versions <= 8.13 MR2 with Windows 7, Windows XP operating systems (AQT90 DMS (Data Management System))
affected

Application software versions >= 8.13 MR2 with Windows 10 operating system (AQT90 DMS (Data Management System))
unaffected

Timeline

2025-12-17: CVE Published

Credits

Florian Hauser and Fabian Weber from CODE WHITE GmbH (reporter)

References

www.radiometer.com/myradiometer

cve.org (CVE-2025-14097)

nvd.nist.gov (CVE-2025-14097)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.