CVE-2025-61956CRITICAL 9.8EPSS p48.4%

CVE-2025-61956CVE-2025-61956

Description

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.70% probability of exploitation · percentile 48.4% · 2026-06-18T12:00:27Z
Published2025-11-04
Last modified2025-11-12

Underlying weaknesses· 1

CWE-306

References

  1. https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
  2. https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

1

TypeTargetConfidenceTier
WeaknessMissing Authentication for Critical Functioncwe-3060%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-61945
CVE
CVE-2025-54863
CVE
CVE-2025-0456
CVE
CVE-2025-0455
CVE
CVE-2025-0457
CVE
CVE-2025-52856
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.