Cyber Posture

CVE-2025-61945

Critical

Published: 04 November 2025

Published
04 November 2025
Modified
12 November 2025
KEV Added
Patch
CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0018 38.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

Security Summary

CVE-2025-61945 is a critical vulnerability in Radiometrics VizAir, published on 2025-11-04, that enables unauthorized access to the system's admin panel without authentication. Assigned CWE-306 (Missing Authentication for Critical Function) and a perfect CVSS v3.1 score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), it allows remote attackers to modify essential weather parameters, including wind shear alerts, inversion depth, and CAPE values, which are vital for accurate forecasting and aviation safety.

Any remote attacker can exploit this vulnerability without privileges, user interaction, or special conditions, simply by accessing the exposed admin panel. Successful exploitation enables tampering with critical data, such as disabling safety alerts that could lead to hazardous aircraft conditions or altering runway assignments, potentially resulting in mid-air conflicts or runway incursions.

CISA advisory ICSA-25-308-04 provides details on mitigation, available at https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json.

Details

CWE(s)
CWE-306

Affected Products

radiometrics
vizair
≤ 2025-08

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
T1565 Data Manipulation Impact
Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
attack.mitre.org →
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
attack.mitre.org →
Why these techniques?

Missing authentication for admin panel/API (CVE-2025-61945, CVE-2025-61956) enables T1190 (exploit public-facing app). Exposed API key in public config (CVE-2025-54863) enables T1552.001 (unsecured credentials). Unauth access allows T1565 (data manipulation of weather/runway params) and T1499 (DoS via false alerts).

References