CVE-2025-14095
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-17

Last updated on: 2025-12-18

Assigner: Radiometer

Description
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.                                                                                                                                                                                        Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2025-12-18
Generated
2026-06-19
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-18
NVD
CVE-2025-14095
EUVD
EUVD-2025-203887
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
radiometer analyzer *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a privilege boundary violation affecting multiple Radiometer products. It allows a user with physical access to the analyzer to gain unauthorized access to functionalities outside the restricted environment due to a weakness in the design of access control implementation in the application software.

Impact Analysis

If exploited, this vulnerability can lead to unauthorized access to sensitive functionalities of the analyzer, potentially compromising the confidentiality, integrity, and availability of the device and its data. This could affect the reliability of test results and overall device security. Physical access to the device is required for exploitation.

Mitigation Strategies

To mitigate this vulnerability immediately, ensure that only authorized personnel have physical access to the analyzer device. Restricting physical access is the recommended temporary workaround until a permanent solution is provided by Radiometer representatives. [1]

Detection Guidance

This vulnerability requires physical access to the Radiometer analyzer and involves a privilege boundary violation due to access control weaknesses in the application software. Detection is not possible via network commands or remote scanning because the exploit requires physical interaction with the device. The recommended mitigation is to restrict physical access to authorized personnel only. No specific detection commands or network-based detection methods are provided.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14095. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart