exploitDog

CVE-2025-61956

Опубликовано: 04 нояб. 2025

Источник: nvd

CVSS3: 10

CVSS3: 9.8

EPSS Низкий

Описание

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

Ссылки

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:radiometrics:vizair:*:*:*:*:*:*:*:*

Версия до 2025-08 (исключая)

EPSS

Процентиль: 31%

0.00114

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-306

Связанные уязвимости

GHSA-4p8r-c649-4cgv

CVSS3: 10

github

3 месяца назад

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

EPSS

Процентиль: 31%

0.00114

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-306