What is CVE-2025-64305?

CVE-2025-64305 is a medium-severity vulnerability in Columbia Weather Systems Microserver, classified under Cleartext Storage in a File or on Disk. CVSS score: 6.5/10. Published 2026-01-07.

How severe is CVE-2025-64305?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Columbia Weather Systems Microserver

CVE-2025-64305

MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the…

EPSS: 0.000 (1.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Columbia Weather Systems Microserver — versions 0

Weakness classification (CWE)

CWE-313 — Cleartext Storage in a File or on Disk

References

www.cisa.gov/news-events/ics-advisories/icsa-26-006-01
github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-006-01.js…

Frequently asked questions

What is CVE-2025-64305?: CVE-2025-64305 is a medium-severity vulnerability in Columbia Weather Systems Microserver, classified under Cleartext Storage in a File or on Disk. CVSS score: 6.5/10. Published 2026-01-07.
How severe is CVE-2025-64305?: Medium severity. CVSS v3 base score is 6.5 out of 10.