CVE-2025-54863
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-12
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radiometrics | vizair | to 2025-08 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Radiometrics VizAir involves exposure of the system's REST API key through a publicly accessible configuration file. This exposure allows attackers to remotely access and manipulate weather data and system configurations, automate attacks on multiple instances, and extract sensitive meteorological data. Attackers can also flood the system with false alerts, causing denial-of-service and disrupting airport operations. Unauthorized control over aviation weather monitoring could lead to incorrect flight planning and dangerous takeoff and landing conditions.
How can this vulnerability impact me? :
The vulnerability can lead to severe impacts including unauthorized alteration of weather data, extraction of sensitive meteorological information, and denial-of-service conditions caused by flooding the system with false alerts. These impacts can disrupt airport operations significantly, potentially causing incorrect flight planning and hazardous conditions for takeoff and landing, thereby compromising safety and operational reliability.