CVE-2025-61956
CRITICALRadiometrics VizAir < 2025-08 - Unauthenticated Critical Function Access
Title source: llmDescription
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
References (2)
Core 2
Core References
Third Party Advisory
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
Mitigation, Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04
Scores
CVSS v3
10.0
EPSS
0.0070
EPSS Percentile
48.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-306
Status
published
Products (1)
radiometrics/vizair
< 2025-08
Published
Nov 04, 2025
Tracked Since
Feb 18, 2026