A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVEs are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure:
Affected application software version is in use and remote support feature is enabled in the analyzer.
Temporary Workaround:
If the network is not considered secure, please remove the analyzer from the network.
Permanent solution:
Customers should ensure the following:
• The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status:
Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
References
| Link | Providers |
|---|---|
| https://www.radiometer.com/myradiometer | |
History
Wed, 17 Dec 2025 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication. | |
| Title | Remote Code Execution Vulnerability in Radiometer Products | |
| Weaknesses | CWE-287 | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: Radiometer
Published:
Updated: 2025-12-17T14:41:13.252Z
Reserved: 2025-12-05T10:50:03.683Z
Link: CVE-2025-14097
Status : Received
Published: 2025-12-17T13:15:58.050
Modified: 2025-12-17T13:15:58.050
Link: CVE-2025-14097