CVE-2025-61956 | THREATINT

Description

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

PUBLISHED Reserved 2025-10-07 | Published 2025-11-04 | Updated 2025-11-04 | Assigner icscert

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status

unaffected

Any version before 08/2025

affected

Credits

Souvik Kandar reporter

References

www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

github.com/...p/csaf_files/OT/white/2025/icsa-25-308-04.json

cve.org (CVE-2025-61956)

nvd.nist.gov (CVE-2025-61956)

Download JSON