CVE-2025-14096

17.12.2025, 13:15

A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system.

Other related CVE's are CVE-2025-14095 & CVE-2025-14097.

Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.

Required Configuration for Exposure:

Attacker requires physical access to the analyzer.

Temporary work Around:
Only authorized people can physically access the analyzer.

Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.

Exploit Status:

Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Radiometer	CNA	8.4 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Common Weakness Enumeration

CWE-250 - Execution with Unnecessary Privileges
The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

References

https://www.radiometer.com/myradiometer