CVE-2025-14097
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status:
Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers | Application software versions < 3.5MR11 with Windows 7, Windows XP operating systems | affected |
| Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers | Application software versions >= 3.5MR11 with Windows 10 operating system | unaffected |
| Radiometer Medical Aps | ABL800 BASIC and ABL800 FLEX Analyzers | Application software versions < 6.20MR2 with Windows 7, Windows XP operating systems | affected |
| Radiometer Medical Aps | ABL800 BASIC and ABL800 FLEX Analyzers | Application software versions >= 6.20MR2 with Windows 10 operating system | unaffected |
| Radiometer Medical Aps | AQT90 FLEX Analyzers | Application software versions <= 8.13 MR2 with Windows 7, Windows XP operating systems | affected |
| Radiometer Medical Aps | AQT90 FLEX Analyzers | Application software versions >= 8.13 MR2 with Windows 10 operating system | unaffected |
Weaknesses
- CWE-287: CWE-287: Improper Authentication
Workarounds
If the network is not considered secure, please remove the analyzer from the network.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.