Description

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.

INFO

Published Date :

2025-11-04T16:13:03.327Z

Last Modified :

2025-11-04T16:31:15.814Z

Source :

icscert
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54863 vulnerability.

Vendors Products
Radiometrics
  • Vizair
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54863.

URL Resource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json cve-icon cve-icon
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact