A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means.  The issue is caused by a weakness in the analyzer’s application software.                                                                                                                                                                                                Other related CVE's are CVE-2025-14095 & CVE-2025-14096.                                                                                                      Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.



Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer.                                                                                                                                                                        Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.                         Permanent solution:
Customers should ensure the following:
•  The network is secure, and access follows best practices.
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                                                     
Exploit Status:


Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-287

https://www.radiometer.com/myradiometer