Vulnerability Description
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Radiometrics | Vizair | < 2025-08 |
Related Weaknesses (CWE)
References
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-30Third Party Advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2025-61956?
CVE-2025-61956 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, pote...
How severe is CVE-2025-61956?
CVE-2025-61956 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-61956?
Check the references section above for vendor advisories and patch information. Affected products include: Radiometrics Vizair.