Remote Control Vulnerability in Radiometrics VizAir Weather Monitoring System
CVE-2025-54863

10CRITICAL

Key Information:

Vendor: Radiometrics
Status: Vizair
Vendor: CVE Published:; 4 November 2025

🔔 Create Radiometrics Vulnerability Alert

What is CVE-2025-54863?

The Radiometrics VizAir system is vulnerable due to an exposure of its REST API key within a configuration file accessible to the public. This weakness allows attackers to gain unauthorized access to modify critical weather data and system settings. With this access, they could initiate automated attacks, impacting multiple systems. Threat actors may manipulate meteorological data that can lead to hazardous conditions at airports, affecting flight planning and operations. In addition, attackers could generate false alerts, potentially overwhelming the system and causing a denial-of-service scenario, thus disrupting essential airport operations.

Affected Version(s)

VizAir 0 < 08/2025

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

https://github.com/cisagov/CSAF/blob/develop/csaf_files/O...

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Oct 7, 2025

Credit

Souvik Kandar

JSON