CVE-2025-14097: CWE-287: Improper Authentication in Radiometer Medical Aps ABL90 FLEX and ABL90 FLEX PLUS Analyzers

Severity: High
Tags: Vulnerability, CVE-2025-14097, CWE-287
Published: Wed Dec 17 2025 (12/17/2025, 12:36:03 UTC)
Source: CVE Database V5
Vendor/Project: Radiometer Medical Aps
Product: ABL90 FLEX and ABL90 FLEX PLUS Analyzers

Description

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer's application software.

Other related CVEs are CVE-2025-14095 & CVE-2025-14096.

Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency.

Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer.

Temporary Workaround: If the network is not considered secure, please remove the analyzer from the network.

Permanent Solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution.

Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication.

AI-Powered Analysis

AI analysis last updated: 12/17/2025, 13:07:29 UTC

Technical Analysis

CVE-2025-14097 is an improper-authentication flaw (CWE-287) in the application software of Radiometer Medical Aps' ABL90 FLEX and ABL90 FLEX PLUS blood gas analyzers. These devices run on legacy Windows 7 and Windows XP operating systems with application software versions prior to 3.5MR11. The weakness lies in the authentication mechanism of the analyzer's application software and is reachable only when the remote support feature is enabled. An attacker who establishes a remote connection and has obtained additional information through other means can exploit the flaw to execute code remotely and take unauthorized management control of the device, which in turn could allow manipulation of device functions that affect patient diagnostics and treatment. The CVSS v3.1 base score is 7.2 (High), corresponding to the vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: network attack vector, low attack complexity, high privileges required, no user interaction, scope unchanged, and high impact on confidentiality, integrity and availability. The PR:H rating reflects the prerequisite that the attacker already holds information or access obtained by other means; the vendor's stated exposure condition is simply that an affected software version is in use and remote support is enabled, so the practical question for an operator is whether that feature is on and reachable from untrusted hosts. No exploits are known to be publicly available, but researchers have demonstrated a working proof of concept, so the threat is credible. The temporary mitigation is to remove analyzers from networks that are not considered secure; the permanent remediation is to secure network access and to apply the vendor's permanent solution, which local Radiometer representatives are contacting affected customers to arrange.

Potential Impact

For European organizations, particularly healthcare providers and clinical laboratories using Radiometer ABL90 FLEX series analyzers, this vulnerability presents a significant risk. Exploitation could lead to unauthorized remote control of critical medical devices, potentially resulting in incorrect patient data, misdiagnosis, or disruption of clinical workflows. The confidentiality of patient data processed by these devices could be compromised, and the integrity of diagnostic results could be undermined. Availability of the analyzers could also be affected, causing delays in urgent medical testing. Given the critical role of these analyzers in patient care, any disruption or manipulation could have severe consequences for patient safety and regulatory compliance under GDPR and medical device regulations. The requirement for remote support features and network connectivity means that organizations with less secure network environments or inadequate segmentation are at higher risk. The impact extends beyond individual devices to the broader healthcare infrastructure, emphasizing the need for immediate attention and remediation.

Mitigation Recommendations

1. Immediately assess whether the remote support feature is enabled on all ABL90 FLEX and ABL90 FLEX PLUS analyzers and disable it if it is not essential; the vendor lists an enabled remote support feature as a required condition for exposure.
2. Remove affected analyzers from any network environment that is not fully secured and segmented, especially networks exposed to the internet or to untrusted hosts.
3. Implement strict network access controls and monitoring around medical device networks: firewalls, VLAN segmentation, and intrusion detection/prevention tuned to medical device traffic.
4. Coordinate with the local Radiometer representative to obtain and apply the permanent solution, including updated application software (≥3.5MR11), as soon as it is available.
5. Audit device configurations and network settings against medical device cybersecurity best practices.
6. Train clinical and IT staff on the risks of remote support features and enforce policies restricting remote access to authorized personnel only.
7. Monitor for unusual device behaviour or network traffic that could indicate attempted exploitation, in particular remote sessions to an analyzer from hosts other than the approved support path.
8. Maintain an incident response plan specific to medical device cybersecurity incidents so that a compromise can be contained and remediated quickly.
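Recommendations 1, 3 and 7 together amount to a segmentation policy that can be checked against flow or firewall logs: an analyzer should talk only to the lab information system and, while remote support is deliberately enabled, to the one approved support path. The script below is an added example of that check and is not part of the advisory or of any Radiometer software; every address, port, the CSV flow format and the sample records are assumptions constructed for illustration, and should be replaced with the real device inventory and whatever flow export the network produces.

```python
"""Flag analyzer network flows that violate a segmentation policy.

Added example for recommendations 1, 3 and 7 above; not from the advisory
or the vendor. All addresses, ports and the flow format are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IP = ipaddress.ip_address

# Assumed inventory used by the policy.
ANALYZERS = {IP("10.40.7.21"), IP("10.40.7.22")}      # the ABL90 FLEX units
LIS_SERVER = IP("10.40.10.5")                          # lab information system
SUPPORT_RELAY = IP("10.40.10.9")                       # approved remote-support path
CLINICAL_NET = ipaddress.ip_network("10.40.0.0/16")    # clinical device VLANs


@dataclass(frozen=True)
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one record in the assumed format: ts,src,dst,dport,proto."""
    ts, src, dst, dport, proto = line.strip().split(",")
    return Flow(ts, IP(src), IP(dst), int(dport), proto)


def evaluate(flow: Flow, remote_support_enabled: bool) -> Optional[str]:
    """Return a finding if the flow breaks policy, else None.

    Policy: an analyzer may talk only to the LIS server and, while remote
    support is deliberately enabled, to the approved support relay. Any other
    peer is a finding; a peer outside the clinical range is the stronger one.
    """
    if flow.dst in ANALYZERS:
        peer, direction = flow.src, "inbound to"
    elif flow.src in ANALYZERS:
        peer, direction = flow.dst, "outbound from"
    else:
        return None  # not analyzer traffic; out of scope for this check
    allowed = {LIS_SERVER}
    if remote_support_enabled:
        allowed.add(SUPPORT_RELAY)
    if peer in allowed:
        return None
    where = f"{flow.ts} {flow.src}->{flow.dst}:{flow.dport}/{flow.proto}"
    if peer not in CLINICAL_NET:
        return f"{where} {direction} analyzer, peer {peer} outside clinical range"
    if peer == SUPPORT_RELAY:
        return f"{where} support relay used while remote support should be disabled"
    return f"{where} {direction} analyzer, unapproved clinical host {peer}"


def audit(log_text: str, remote_support_enabled: bool) -> List[str]:
    """Run evaluate() over every non-empty record and collect findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = evaluate(parse_flow(line), remote_support_enabled)
        if finding:
            findings.append(finding)
    return findings


# Constructed flow records for the example (not real traffic; ports assumed).
SAMPLE_LOG = """\
2025-12-17T12:01:03Z,10.40.10.5,10.40.7.21,443,tcp
2025-12-17T12:01:09Z,10.40.10.9,10.40.7.21,5000,tcp
2025-12-17T12:02:44Z,10.40.22.118,10.40.7.22,445,tcp
2025-12-17T12:03:10Z,10.40.7.22,203.0.113.40,8443,tcp
2025-12-17T12:03:30Z,10.40.10.5,10.40.10.9,22,tcp
"""

if __name__ == "__main__":
    # With remote support switched off per recommendation 1, the relay
    # session is itself a finding alongside the two outright violations.
    for f in audit(SAMPLE_LOG, remote_support_enabled=False):
        print(f)
```

On the constructed records the audit reports two findings when remote support is enabled (an unapproved clinical host reaching an analyzer over 445, and an analyzer initiating a session to a non-clinical address) and three when it is disabled, because the support-relay session is then unexpected as well. Feeding this the real flow export and the real inventory turns recommendation 7 into a concrete alert rule.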

Technical Details

Data Version
5.2
Assigner Short Name
Radiometer
Date Reserved
2025-12-05T10:50:03.683Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6942a932d5dc0d5a04f89563

Added to database: 12/17/2025, 12:59:30 PM

Last enriched: 12/17/2025, 1:07:29 PM

Last updated: 12/17/2025, 3:30:57 PM
