Vulnerability Description
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radiometrics | Vizair | < 2025-08 |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-30Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2025-61945?
CVE-2025-61945 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters suc...
How severe is CVE-2025-61945?
CVE-2025-61945 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-61945?
Check the references section above for vendor advisories and patch information. Affected products include: Radiometrics Vizair.