CVE-2025-14097: CWE-287: Improper Authentication in Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers
A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established and that additional information has been obtained through other means. The issue is caused by a weakness in the analyzer's application software. Related CVEs are CVE-2025-14095 and CVE-2025-14096. Affected customers have been informed about this vulnerability; this CVE is being published to provide transparency.

Required configuration for exposure: an affected application software version is in use and the remote support feature is enabled in the analyzer.

Temporary workaround: if the network is not considered secure, remove the analyzer from the network.

Permanent solution: customers should ensure that the network is secure and that access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution.

Exploit status: researchers have provided a working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.
AI Analysis
Technical Summary
CVE-2025-14097 is an improper authentication vulnerability (CWE-287) in the application software of Radiometer Medical Aps' ABL90 FLEX and ABL90 FLEX PLUS blood gas analyzers. These devices run on legacy Windows 7 or Windows XP operating systems, and application software versions earlier than 3.5MR11 are affected. The weakness lies in the authentication mechanism of the analyzer's application software and is only reachable when the remote support feature is enabled. An attacker who can establish a remote connection to the analyzer and who has already obtained additional information through other means can exploit the flaw to execute arbitrary code on the device and take over device management, which could alter device functions, tamper with test results, or disrupt operation. The CVSS 3.1 vector is AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (base score 7.2, High): the attack is network-reachable with low complexity and no user interaction, but it requires high privileges, which matches the vendor's statement that additional information must first be obtained by other means; scope is unchanged and the impact on confidentiality, integrity and availability is high. Researchers have demonstrated a working proof of concept, but Radiometer is not aware of any publicly available exploit. The vendor's temporary workaround is to remove the analyzer from the network if the network is not considered secure; because exposure also requires the remote support feature to be enabled, disabling that feature where clinical workflow allows removes the stated exposure condition as well. Radiometer is contacting affected customers about a permanent solution. The related CVE-2025-14095 and CVE-2025-14096 indicate that the authentication weakness is not confined to this single issue in the product line.
Potential Impact
For European organizations, particularly healthcare providers running Radiometer ABL90 FLEX and FLEX PLUS analyzers, this vulnerability presents a significant risk. Exploitation could give an attacker remote control of a device whose measurements inform time-critical treatment decisions: blood gas results could be altered, clinical workflows disrupted, or patient data held on the device exposed. A compromised analyzer could also serve as a foothold for broader intrusion into the clinical network. Because the devices run legacy operating systems, patching may be slow or infeasible, which lengthens the exposure window. The two exposure conditions (remote support enabled and network reachability) mean that organizations with flat or poorly segmented medical device networks are at the highest risk. Confidentiality, integrity and availability of medical data and device functionality are all at stake, with corresponding regulatory and compliance consequences under GDPR and medical device regulations.
Mitigation Recommendations
European healthcare organizations should immediately determine whether affected Radiometer analyzers are deployed, record each device's application software version, and treat any device below 3.5MR11 with the remote support feature enabled as exposed. On exposed devices, disable remote support or isolate the device from the network until the vendor's permanent solution is in place, in line with the vendor's workaround of removing the analyzer from an untrusted network. Enforce network segmentation that separates medical devices from general IT infrastructure, and restrict inbound access to the analyzers to the specific hosts and personnel that legitimately initiate remote support. Because the CVSS vector rates the required privileges as high and the vendor states that additional information must be obtained by other means, protect and rotate remote support credentials and any other secrets an attacker would need, and limit who can obtain them. Coordinate with Radiometer representatives to obtain and apply the permanent fix as soon as it is available. Monitor network traffic to the analyzers and alert on any connection that does not originate from an approved remote-support source, since a legitimate support session should match a scheduled vendor engagement. Review medical device security policies and ensure incident response plans cover analyzer compromise, including how to validate results produced during a suspected compromise. Given the legacy operating systems involved, plan for device replacement or OS upgrades where feasible to reduce long-term risk.
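As an added example of how the inventory and monitoring steps above can be put into practice (illustrative code written for this page, not Radiometer's or any customer's tooling): the script below flags analyzers that meet both exposure conditions named in the advisory, then scans a connection log for sessions to those devices from sources outside an approved remote-support allowlist. The version format "3.5MR11" is assumed to compare as major, minor, MR-number; all device names, IP addresses, ports, allowlist ranges and log rows are constructed, and because the advisory does not name the remote-support protocol or port, matching is on destination address only.

```python
"""
Triage helper for the two exposure conditions stated in the advisory:
an analyzer is exposed only if it runs an application software version
earlier than 3.5MR11 AND its remote support feature is enabled. Exposed
analyzers are then checked against a connection log for inbound sessions
whose source is not on the approved remote-support allowlist.

Everything below (device names, IP addresses, ports, log rows) is
constructed for illustration. The version string format "<major>.<minor>MR<n>"
is an assumption about how the software reports itself.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

FIXED_VERSION = "3.5MR11"  # first non-affected version named in the analysis above
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)MR(\d+)$")


def parse_version(v: str) -> tuple:
    """'3.5MR11' -> (3, 5, 11) so that versions compare numerically, not lexically."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    return parse_version(version) < parse_version(FIXED_VERSION)


@dataclass(frozen=True)
class Analyzer:
    name: str
    ip: str
    version: str
    remote_support: bool


def exposed_analyzers(inventory):
    """Both preconditions from the advisory must hold for a device to count as exposed."""
    return [a for a in inventory if is_affected(a.version) and a.remote_support]


# Constructed inventory (hypothetical names, addresses and versions).
INVENTORY = [
    Analyzer("ABL90-ICU-1", "10.20.30.11", "3.5MR9", True),
    Analyzer("ABL90-ED-1", "10.20.30.12", "3.5MR11", True),    # at the fixed level
    Analyzer("ABL90-LAB-1", "10.20.30.13", "3.4MR12", False),  # affected, remote support off
    Analyzer("ABL90-OR-1", "10.20.30.14", "3.5MR10", True),
]

# Approved sources for remote-support sessions (constructed): a vendor jump-host
# range and the hospital's own biomedical engineering workstation.
APPROVED_SOURCES = [ip_network("192.0.2.0/29"), ip_network("10.50.0.10/32")]

# Constructed Zeek-style conn.log rows, tab-separated; ports are placeholders:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto  service
CONN_LOG = """\
1734000000.1\tC1\t192.0.2.3\t51000\t10.20.30.11\t49200\ttcp\t-
1734000001.2\tC2\t10.20.99.7\t51001\t10.20.30.11\t49200\ttcp\t-
1734000002.3\tC3\t10.20.99.7\t51002\t10.20.30.13\t49200\ttcp\t-
1734000003.4\tC4\t10.20.99.8\t51003\t10.20.30.14\t445\ttcp\t-
1734000004.5\tC5\t10.50.0.10\t51004\t10.20.30.14\t49200\ttcp\t-
"""


def find_unapproved_sessions(conn_log: str, inventory):
    """Return (uid, analyzer name, source ip, dest port) for every connection to an
    exposed analyzer whose source lies outside APPROVED_SOURCES."""
    exposed = {a.ip: a.name for a in exposed_analyzers(inventory)}
    alerts = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # malformed row: skip rather than abort the whole sweep
        uid, src, dst, dport = fields[1], fields[2], fields[4], fields[5]
        if dst not in exposed:
            continue  # C3 targets an affected device with remote support off: not exposed
        if any(ip_address(src) in net for net in APPROVED_SOURCES):
            continue  # C1 and C5 come from approved support sources
        alerts.append((uid, exposed[dst], src, int(dport)))
    return alerts


if __name__ == "__main__":
    for a in exposed_analyzers(INVENTORY):
        print(f"EXPOSED  {a.name} ({a.ip}) version {a.version}, remote support on")
    for uid, name, src, dport in find_unapproved_sessions(CONN_LOG, INVENTORY):
        print(f"ALERT    {uid}: {src} -> {name} port {dport} not from an approved remote-support source")
```

Run against the constructed data this reports ABL90-ICU-1 and ABL90-OR-1 as exposed and alerts on C2 and C4. A stricter policy would also alert on sessions to affected devices whose remote support is currently off (C3 here), since that setting can be turned on later; the example follows the advisory's exposure condition literally.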
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Denmark, Norway
Technical Details
- Data Version: 5.2
- Assigner Short Name: Radiometer
- Date Reserved: 2025-12-05T10:50:03.683Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6942a932d5dc0d5a04f89563
Added to database: 12/17/2025, 12:59:30 PM
Last enriched: 12/24/2025, 1:17:27 PM
Last updated: 2/7/2026, 7:39:15 PM
Views: 214