A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software. 

Other related CVE's are CVE-2025-14096 & CVE-2025-14097.

Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.

Required configuration for Exposure:


Physical access to the analyzer is needed.

Temporary work Around:


Only authorized people can physically access the analyzer.

Permanent solution:
Local Radiometer representatives will contact all affected customers to discuss a permanent solution.



Exploit Status:
Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.                                                                                                                                                                                        Note:

CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.

Metrics

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

Local Radiometer representatives will contact all affected customers to discuss a permanent solution.

Workaround

Only authorized people can physically access the analyzer.

References
Link Providers
https://www.radiometer.com/myradiometer cve-icon cve-icon
History

Wed, 17 Dec 2025 14:15:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.                                                                                                                                                                                        Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.

Wed, 17 Dec 2025 14:00:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.

Wed, 17 Dec 2025 13:15:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                          Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                           Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.                   Required configuration for Exposure: Physical access to the analyzer is needed.                                                                         Temporary work Around:Only authorized people can physically access the analyzer.                                                         Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploitation status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.

Wed, 17 Dec 2025 12:30:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                              Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                                                                                                                                                                                                                                   Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.                   Required configuration for Exposure: Physical access to the analyzer is needed.                                                                         Temporary work Around:Only authorized people can physically access the analyzer.                                                         Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                                     Exploit Status:                                                                                                                                                                                                                                                                                                                                                                                       Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                          Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                           Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.                   Required configuration for Exposure: Physical access to the analyzer is needed.                                                                         Temporary work Around:Only authorized people can physically access the analyzer.                                                         Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploitation status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.

Wed, 17 Dec 2025 12:15:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                              Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                                                                                                                                                                                                                                   Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure:  Physical access to the analyzer is needed. Temporary work Around:                                                                                                                                                                                                                                                                                                                                                                       Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status:                                                                                                                                                                                                                                                                                                                                                                                       Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication. A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                              Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                                                                                                                                                                                                                                   Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.                   Required configuration for Exposure: Physical access to the analyzer is needed.                                                                         Temporary work Around:Only authorized people can physically access the analyzer.                                                         Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                                     Exploit Status:                                                                                                                                                                                                                                                                                                                                                                                       Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.

Wed, 17 Dec 2025 12:00:00 +0000

Type Values Removed Values Added
Description A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.                                                                                                                                                                                              Other related CVE's are CVE-2025-14096 and CVE-2025-14097.                                                                                                                                                                                                                                                                                                   Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure:  Physical access to the analyzer is needed. Temporary work Around:                                                                                                                                                                                                                                                                                                                                                                       Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status:                                                                                                                                                                                                                                                                                                                                                                                       Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.
Title Privilege boundary violation in Radiometer Products
Weaknesses CWE-284
CWE-693
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Radiometer

Published:

Updated: 2025-12-17T14:07:28.754Z

Reserved: 2025-12-05T10:49:53.501Z

Link: CVE-2025-14095

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-12-17T12:15:45.570

Modified: 2025-12-17T14:15:46.590

Link: CVE-2025-14095

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses