CVE-2025-14096
Credential Extraction via Physical Access in Radiometer Analyzers
Publication date: 2025-12-17
Last updated on: 2025-12-17
Assigner: Radiometer
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radiometer | analyzer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in multiple Radiometer products and allows an attacker with physical access to the analyzer to extract credential information. It is caused by a weakness in the design and insufficient protection of credentials within the operating system.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized access to sensitive credential information, potentially compromising the confidentiality, integrity, and availability of the system and its data. Since the attacker needs physical access, the risk is limited to scenarios where such access is possible.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, ensure that only authorized personnel have physical access to the Radiometer analyzer devices. Restricting physical access is the primary temporary workaround until a permanent solution is provided by local Radiometer representatives.