Volerion logoVolerion
Volerion logoVolerion

Radiometrics VizAir Missing Authentication Vulnerability Allowing Unauthorized Access to Critical Functions

Vulnerability

A vulnerability exists in Radiometrics VizAir due to a lack of authentication for essential functions, including administrative access and API requests. This flaw enables attackers to alter configurations without authentication, potentially disrupting active runway management and misleading air traffic control (ATC) and pilots. Furthermore, tampered meteorological data could create confusion for forecasters and ATC, leading to flawed flight planning. The vulnerability affects VizAir versions prior to August 2025.

Impact

Exploitation of this vulnerability could result in unauthorized access to the admin panel, allowing attackers to manipulate critical weather parameters and runway assignments. Such actions could disable important alerts, creating dangerous conditions for aircraft, and disrupt airport operations, potentially leading to hazardous flight situations.

Remediation

Radiometrics has updated all affected systems to address this vulnerability. No further action is required from users.

Added: Nov 4, 2025, 5:18 PM
Updated: Nov 4, 2025, 5:18 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
7.5
exploitability
7.4
remediation
0.0
relevance
0.9
threat
0.0
urgency
2.9
incentive
5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.