← Voltar para CVEs
CVE-2025-61956
CRITICAL10.0
Descricao
Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado11/4/2025
Ultima modificacao11/12/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
radiometrics:vizair
Fraquezas (CWE)
CWE-306
Referencias
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json(ics-cert@hq.dhs.gov)
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04(ics-cert@hq.dhs.gov)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.