CVE-2025-14097

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means.  The issue is caused by a weakness in the analyzers application software.                                                                                                Other related CVE's are CVE-2025-14095 & CVE-2025-14096.                                                   Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.



Required Configuration for Exposure:Affected application software version is in use and remote support feature is enabled in the analyzer.                                                                                    Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.            Permanent solution:
Customers should ensure the following:
  The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                          
Exploit Status:


Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
RadiometerCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Common Weakness Enumeration
References
https://www.radiometer.com/myradiometer