Vulnerability Description
Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radiometrics | Vizair | < 2025-08 |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-30Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2025-54863?
CVE-2025-54863 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, au...
How severe is CVE-2025-54863?
CVE-2025-54863 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-54863?
Check the references section above for vendor advisories and patch information. Affected products include: Radiometrics Vizair.