Radiometer Medical Aps ABL90 FLEX improper authentication

Summaryinfo

A vulnerability described as critical has been identified in Radiometer Medical Aps ABL90 FLEX, ABL90 FLEX PLUS, AQT90 FLEX, ABL800 BASIC and ABL800 FLEX. This issue affects some unknown processing. The manipulation results in improper authentication. This vulnerability was named CVE-2025-14097. The attack may be performed from remote. There is no available exploit.

Detailsinfo

A vulnerability classified as critical has been found in Radiometer Medical Aps ABL90 FLEX, ABL90 FLEX PLUS, AQT90 FLEX, ABL800 BASIC and ABL800 FLEX. Affected is an unknown code block. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software.                                                                                                                                                                                                Other related CVE's are CVE-2025-14095 & CVE-2025-14096.                                                                                                      Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer.                                                                                                                                                                        Temporary work Around: If the network is not considered secure, please remove the analyzer from the network.                         Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution.                                                      Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.

The advisory is available at radiometer.com. This vulnerability is traded as CVE-2025-14097 since 12/05/2025. The exploitability is told to be easy. It is possible to launch the attack remotely. Additional levels of successful authentication are necessary for exploitation. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 12/17/2025).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-203895). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Medical Device Software

Vendor

• Radiometer Medical Aps

Name

• ABL90 FLEX
• ABL90 FLEX PLUS
• ABL800 BASIC
• ABL800 FLEX
• AQT90 FLEX

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion