Cyber Posture

CVE-2025-54863

Critical

Published: 04 November 2025
Modified: 12 November 2025
KEV Added: not listed
Patch: none recorded here; see the CISA advisory ICSA-25-308-04 referenced below
CVSS Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0011 (29.7th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-54863 is a critical-severity Insufficiently Protected Credentials (CWE-522) vulnerability in Radiometrics VizAir, with a CVSS v3.1 base score of 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 29.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-22 Publicly Accessible Content (prevent): Directly requires reviewing and restricting publicly accessible content to prevent exposure of sensitive information such as the REST API key in configuration files.

Authenticator protection (prevent): Mandates protection of authenticators, such as API keys, from unauthorized disclosure, directly addressing the exposed-credential weakness.

CM-6 Configuration Settings (prevent): Requires securing configuration settings to prevent exposure of sensitive credentials such as API keys in publicly accessible files.
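All three controls reduce to one check an operator can run: nothing under the web server's document root may carry an authenticator. The following is an added example (not Radiometrics', CISA's or NIST's code) that walks a web root, flags configuration files containing an API-key-style assignment, and reports whether the file is world-readable. The directory layout, the file names and the key name "rest_api_key" are constructed for illustration; the real VizAir configuration path is not given on this page.

```python
"""Audit a web root for configuration files that embed an API key or other authenticator.

Added example (not Radiometrics', CISA's or NIST's code). The web root layout,
file names and the key name "rest_api_key" below are constructed for illustration.
"""
import json
import re
import stat
import tempfile
from pathlib import Path

# File types a web server will usually serve verbatim if they sit under its document root.
CONFIG_SUFFIXES = {".json", ".ini", ".cfg", ".conf", ".xml", ".yaml", ".yml", ".env", ".txt"}

# An assignment whose key name suggests an authenticator and whose value is long
# enough (8+ chars) to be a real secret. The optional prefix lets "rest_api_key"
# report its full name rather than just "api_key".
CREDENTIAL_PATTERN = re.compile(
    r'(?P<name>[A-Za-z_]*(?:api[_-]?key|secret|token|password|passwd))'
    r'\s*["\']?\s*[:=]\s*["\']?(?P<value>[A-Za-z0-9_\-./+=]{8,})',
    re.IGNORECASE,
)


def redact(value):
    """Keep a 4-char prefix so the finding can be matched to the file, never the full secret."""
    return value[:4] + "..." + "*" * max(len(value) - 4, 0)


def is_world_readable(path):
    """True when the 'other' read bit is set (any local user, and any misconfigured server, can read it)."""
    return bool(path.stat().st_mode & stat.S_IROTH)


def find_exposed_credentials(web_root):
    """Return one finding per credential-looking assignment in a servable config file.

    A finding means an unauthenticated HTTP client could fetch an authenticator
    (the CWE-522 condition behind CVE-2025-54863).
    """
    findings = []
    for path in sorted(Path(web_root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in CONFIG_SUFFIXES:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue
        for m in CREDENTIAL_PATTERN.finditer(text):
            findings.append({
                "file": str(path.relative_to(web_root)),
                "key_name": m.group("name"),
                "value_preview": redact(m.group("value")),
                "world_readable": is_world_readable(path),
            })
    return findings


def build_sample_webroot():
    """Constructed sample tree: one config carrying a key next to harmless static files."""
    root = tempfile.mkdtemp(prefix="webroot-audit-")
    cfg = Path(root) / "config" / "config.json"
    cfg.parent.mkdir()
    cfg.write_text(json.dumps({"rest_api_key": "EXAMPLEKEY1234567890", "units": "metric"}))
    (Path(root) / "index.html").write_text("<html>ok</html>")
    (Path(root) / "static").mkdir()
    (Path(root) / "static" / "style.css").write_text("body{}")
    return root


if __name__ == "__main__":
    for finding in find_exposed_credentials(build_sample_webroot()):
        print(finding)
```

Run it against the real document root rather than the sample tree; any finding is a CM-6 violation regardless of file permissions, because the web server reads the file as its own user. Short values are deliberately ignored to keep noise down, so tune the minimum length to the key format actually in use.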

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1565.001 Stored Data Manipulation (Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1499.003 Application Exhaustion Flood (Impact)
Adversaries may target resource intensive features of applications to cause a denial of service (DoS), denying availability to those applications.
Why these techniques?

The flaw enables exploitation of a public-facing REST API and admin panel that lack authentication (T1190), exposure of the API key in a publicly accessible configuration file (T1552.001), remote alteration of stored weather data and configuration (T1565.001), and denial of service by flooding the API with false alerts (T1499.003).
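Two of these techniques leave a clear trace in ordinary web-server access logs: the configuration file being fetched (T1552.001 via T1190) and a burst of write requests to the alert endpoint from one client (T1499.003, and the same path an attacker would use for T1565.001). The example below is added here and is not part of the advisory or of VizAir; it parses combined-format log lines and raises both signals. The endpoint paths (/config/config.json, /api/alerts), client addresses, thresholds and every log line are constructed for illustration.

```python
"""Detect config-file exposure and alert flooding in web-server access logs.

Added example; the paths /config/config.json and /api/alerts, the client
addresses and the sample log lines are constructed and are not taken from
the advisory or from VizAir.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx combined log format, up to the status and size fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# A successful GET of anything under /config/ or with a config-file extension
# from the public interface is the credential-exposure signal (T1552.001).
CONFIG_PATH_RE = re.compile(r"/config/|\.(ini|cfg|conf|env|ya?ml)$", re.IGNORECASE)
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def analyze_access_log(lines, burst_threshold=20, window=timedelta(seconds=60)):
    """Flag config fetches and any client whose API writes exceed burst_threshold within window."""
    config_fetches = []
    writes = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "GET" and rec["status"] == 200 and CONFIG_PATH_RE.search(rec["path"]):
            config_fetches.append((rec["ip"], rec["path"]))
        if rec["method"] in WRITE_METHODS and rec["path"].startswith("/api/"):
            writes[rec["ip"]].append(rec["ts"])

    floods = []
    for ip, stamps in writes.items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= burst_threshold:
            floods.append({"ip": ip, "peak_requests_per_window": peak})
    return {"config_fetches": config_fetches, "floods": floods}


def sample_log():
    """Constructed log: benign traffic, one config grab, one alert flood, one slow legitimate writer."""
    t0 = datetime(2025, 11, 4, 10, 15, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512'

    def line(ip, offset, method, path, status):
        ts = (t0 + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return fmt.format(ip=ip, ts=ts, method=method, path=path, status=status)

    lines = [
        line("198.51.100.10", 0, "GET", "/", 200),
        line("198.51.100.10", 5, "GET", "/api/observations", 200),
        line("203.0.113.5", 12, "GET", "/config/config.json", 200),   # key exposed here
        line("203.0.113.5", 13, "GET", "/config/config.json", 304),   # not a new exposure
    ]
    lines += [line("203.0.113.5", 20 + i, "POST", "/api/alerts", 201) for i in range(25)]
    lines += [line("198.51.100.10", 100 + 30 * i, "POST", "/api/alerts", 201) for i in range(5)]
    lines.append("this line is deliberately malformed and must be skipped")
    return lines


if __name__ == "__main__":
    print(analyze_access_log(sample_log()))
```

The burst threshold and window are placeholders; set them from the real alert rate of the sensor so a genuine weather event is not reported as a flood. The config-fetch rule matches on path shape, so point it at the deployment's actual configuration path once known; a legitimate JSON API response will not match because the rule keys on the /config/ directory and on non-JSON config extensions, not on .json alone.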

NVD Description

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions.

Deeper analysis

CVE-2025-54863 is a critical vulnerability in Radiometrics VizAir, where the system's REST API key is exposed through a publicly accessible configuration file. This issue, mapped to CWE-522 (Insufficiently Protected Credentials), carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), reflecting its potential for high-impact network-based exploitation without requiring authentication or user interaction.

Attackers with network access can remotely leverage the exposed API key to alter weather data and system configurations, extract sensitive meteorological information, and automate attacks against multiple VizAir instances. They could also flood the system with false alerts, resulting in denial-of-service conditions that disrupt airport operations. Such unauthorized control over aviation weather monitoring risks incorrect flight planning and hazardous takeoff or landing scenarios.

The CISA advisory ICSA-25-308-04 provides details on mitigation strategies; refer to https://www.cisa.gov/news-events/ics-advisories/icsa-25-308-04 and the associated CSAF file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-308-04.json for patches, workarounds, and further guidance.

Details

CWE(s): CWE-522 Insufficiently Protected Credentials

Affected Products: Radiometrics VizAir, versions ≤ 2025-08

CVEs Like This One

CVE-2025-61956 (same product: Radiometrics VizAir)
CVE-2025-61945 (same product: Radiometrics VizAir)
CVE-2024-41770 (shared CWE-522)
CVE-2026-23658 (shared CWE-522)
CVE-2025-36568 (shared CWE-522)
CVE-2025-58130 (shared CWE-522)
CVE-2026-35467 (shared CWE-522)
CVE-2026-20791 (shared CWE-522)
CVE-2026-23958 (shared CWE-522)
CVE-2024-57395 (shared CWE-522)