CVE-2025-61956
CRITICAL
Radiometrics VizAir < 2025-08 - Missing Authentication
Title source: ruleDescription
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
References (2)
Core References
Third Party Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
Mitigation, Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04
Scores
CVSS v3
10.0
EPSS
0.0017
EPSS Percentile
38.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
radiometrics/vizair
< 2025-08
Published
Nov 04, 2025
Tracked Since
Feb 18, 2026