← Zuruck zu CVEs
CVE-2025-61956
CRITICAL10.0
Beschreibung
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
CVE Details
CVSS v3.1 Bewertung10.0
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht11/4/2025
Zuletzt geandert11/12/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
radiometrics:vizair
Schwachen (CWE)
CWE-306
Referenzen
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04(ics-cert@hq.dhs.gov)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.