CVE-2025-61945CRITICAL 9.8EPSS p49.9%

CVE-2025-61945CVE-2025-61945

Description

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.74% probability of exploitation · percentile 49.9% · 2026-06-18T12:00:27Z
Published2025-11-04
Last modified2025-11-12

Underlying weaknesses· 1

CWE-306

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-61956
CVE
CVE-2025-54863
CVE
CVE-2025-0455
CVE
CVE-2025-0457
CVE
CVE-2025-0456
CVE
CVE-2025-61937
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.