CVE-2025-61945
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-12
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radiometrics | vizair | to 2025-08 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Radiometrics VizAir allows any remote attacker to access the admin panel without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values. These parameters are essential for accurate weather forecasting and flight safety. Unauthorized changes could disable vital alerts and manipulate runway assignments, potentially causing hazardous conditions for aircraft including mid-air conflicts or runway incursions.
How can this vulnerability impact me? :
The vulnerability can have severe impacts including disabling vital weather alerts and manipulating runway assignments. This can lead to hazardous conditions for aircraft, increasing the risk of mid-air conflicts or runway incursions, thereby compromising flight safety.