CVE-2025-14096
Published: Dec 17, 2025
Modified: Dec 17, 2025
CVSS v3.1
8.4
Description
A vulnerability exists in multiple Radiometer products that allow an attacker with physical access to the analyzer possibility to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in operating system. Other related CVE's are CVE-2025-14095 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Attacker requires physical access to the analyzer. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.
| Vendor | Product | Versions |
|---|---|---|
Radiometer Medical Aps | ABL90 FLEX and ABL90 FLEX PLUS Analyzers | affected Windows 7 Operating systemaffected Windows XP Operating system |
Radiometer Medical Aps | AQT90 FLEX Analyzers | affected Windows 7 Operating systemaffected Windows XP Operating system |
Radiometer Medical Aps | ABL800 BASIC and ABL800 FLEX analyzers | affected Windows 7 Operating systemaffected Windows XP Operating system |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now