CVE-2025-14096
Published: 17 December 2025
Summary
CVE-2025-14096 is a high-severity Execution with Unnecessary Privileges (CWE-250) vulnerability in Radiometer (inferred from references). Its CVSS base score is 8.4 (High).
Operationally, it is ranked at the 5.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-203889
Vulnerability details
A vulnerability exists in multiple Radiometer products that allows an attacker with physical access to the analyzer to extract credential information. The vulnerability is due to a weakness in the design and insufficient credential protection in the operating system. Other related CVEs are CVE-2025-14095 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.
Required Configuration for Exposure: Attacker requires physical access to the analyzer.
Temporary Workaround: Only authorized people can physically access the analyzer.
Permanent Solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution.
Exploit Status: Researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any public exploit code at the time of this publication.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Role-based training on least privilege principles reduces the chance personnel assign or retain unnecessary privileges.
Risk designation and screening for elevated positions directly reduces the chance that unvetted personnel receive or retain unnecessary privileges.
Documentation on secure operation of privileged functions and known vulnerabilities directly reduces execution with unnecessary privileges.
Policy promotes least privilege by defining necessary privileges and management commitment to them.
Supervision detects and allows removal of unnecessary privileges that enable execution with excess rights.
Reviewing accounts for compliance, disabling/removing unneeded accounts, and aligning with termination processes prevents execution with unnecessary privileges.
Separation of duties prevents any single user from holding all privileges needed to complete a critical task, directly reducing execution with unnecessary privileges.
Directly prevents execution with more privileges than needed for assigned tasks.