CVE-2025-54863 · CRITICAL 9.8 · EPSS p42.7%

Description

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% probability of exploitation · percentile 42.7% · 2026-06-19T12:03:05Z
Published: 2025-11-04
Last modified: 2025-11-12

Underlying weaknesses · 1

CWE-522

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

Type: Weakness
Target: Insufficiently Protected Credentials (cwe-522)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-61956
CVE-2025-61945
CVE-2025-0455
CVE-2025-0457
CVE-2025-0456
CVE-2025-52856

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.