CRITICAL🇵🇱 Wersja polska

CVE-2025-61945

CVSS 10.0v4.0pub. 2025-11-04upd. 2025-11-12

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.

🤖 AI Analysis
How it works

The vulnerability results from the lack of an authentication mechanism (CWE-306) protecting access to the VizAir system's admin panel. Any attacker with network access can open the panel without providing any login credentials and gain full administrative privileges. After gaining access, the attacker can modify critical weather parameters such as wind shear alerts, temperature inversion depth, and CAPE values, as well as change runway assignments.

Impact

An attacker can disable critical aviation safety alerts and manipulate meteorological data and runway assignments, which may lead to mid-air collisions, runway incursion incidents, or exposing aircraft to dangerous atmospheric conditions.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references. As an immediate remedial action, it is recommended to isolate the VizAir system from the public network, restrict access to the admin panel exclusively to trusted IP addresses, and implement network-level authentication (e.g., VPN or firewall).

Who is affected

Radiometrics VizAir — versions indicated in the manufacturer's references (CISA ICS Advisory ICSA-25-308-04)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Radiometrics Vizair

    APP
    Radiometrics
    < 2025-08
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-54863CRITICAL10.0PL ✓ten sam produkt

Radiometrics VizAir — ujawnienie klucza API REST w pliku konfiguracyjnym

CVE-2025-61956CRITICAL10.0PL ✓ten sam produkt

Brak uwierzytelnienia dla krytycznych funkcji w Radiometrics VizAir