PatchSiren

CVE-2025-64305 Columbia Weather Systems CVE debrief

CVE-2025-64305 is an information disclosure issue in Columbia Weather Systems MicroServer firmware. According to the CISA CSAF advisory published on 2026-01-06, the device copies parts of system firmware to an unencrypted external SD card during boot. That card can contain user and vendor secrets, and those plaintext secrets could be used to modify vendor firmware or obtain admin access to the web portal. Columbia Weather Systems states the fix is available in firmware version MS_4.1_14142 or later.

Vendor: Columbia Weather Systems
Product: MicroServer firmware
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-06
Original CVE updated: 2026-01-06
Advisory published: 2026-01-06
Advisory updated: 2026-01-06

Who should care

Operators, integrators, and maintainers of Columbia Weather Systems MicroServer deployments should pay attention, especially where the device is installed in accessible field or OT environments and where firmware images, admin credentials, or other secrets may be exposed through removable media.

Technical summary

The issue is a boot-time exposure of sensitive firmware contents to an unencrypted external SD card. Because the copied data may include secrets, an attacker with access to the media can potentially recover credentials or other sensitive material. CISA’s advisory indicates this can lead to vendor firmware modification or admin portal access. The published CVSS vector is CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, consistent with a high confidentiality impact and no direct availability impact.

Defensive priority

The CVSS severity is medium, but the practical priority is high in any environment where the device or its removable media can be accessed. Treat this as a prompt patch-and-harden item for affected MicroServer installations.

Recommended defensive actions

  • Update MicroServer firmware to version MS_4.1_14142 or later.
  • Contact Columbia Weather Systems Support directly for the vendor-provided update process.
  • Restrict physical access to the MicroServer and any removable storage used with it.
  • Review deployments for any exposed SD cards or backup media that may contain copied firmware data or secrets.
  • Rotate any credentials or secrets that may have been exposed before remediation.
  • After updating, verify administrative access controls on the web portal and check for signs of tampering.
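
To work through the first and fifth actions across a fleet, the following added example (not from the advisory or the vendor) sorts an inventory into patched, vulnerable, and unknown units against the fixed release MS_4.1_14142. The MS_<major>.<minor>_<build> layout and its ordering are assumptions inferred from that one version string, and the inventory columns and sample rows are constructed.

```python
import csv
import io
import re

# Fixed release named in the advisory.
FIXED = "MS_4.1_14142"
# Assumed layout, inferred from that single string: MS_<major>.<minor>_<build>.
_VERSION_RE = re.compile(r"^MS_(\d+)\.(\d+)_(\d+)$")

def parse_version(text):
    """Return (major, minor, build) as ints, or None if the string does not match."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def classify(reported):
    """Return 'patched', 'vulnerable', or 'unknown' for a reported firmware string.

    Assumption: versions order by major, then minor, then build.
    Unparseable strings are 'unknown' so they get manual review, not a pass.
    """
    version = parse_version(reported)
    if version is None:
        return "unknown"
    return "patched" if version >= parse_version(FIXED) else "vulnerable"

def triage(inventory_csv):
    """Group site names by status from CSV text with 'site' and 'firmware' columns."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["firmware"])].append(row["site"])
    return result

# Constructed sample inventory: site names and every version except FIXED are made up.
SAMPLE = """site,firmware
roof-north,MS_4.1_14142
pump-station,MS_4.1_13990
airfield,MS_4.2_14500
legacy-lab,MS_3.9_12000
depot,not reported
"""

if __name__ == "__main__":
    for status, sites in triage(SAMPLE).items():
        print(f"{status}: {', '.join(sites) or '-'}")
```

Units reported as vulnerable or unknown are the ones to prioritise for the SD card review and credential rotation steps above.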

Evidence notes

Primary facts come from the CISA CSAF advisory for ICSA-26-006-01, which was published and revised on 2026-01-06. The advisory states the MicroServer copies parts of system firmware to an unencrypted external SD card on boot, exposing user and vendor secrets. It also provides the vendor remediation to update to MS_4.1_14142 or later. The advisory’s revision history notes updated risk evaluation, research acknowledgment, and vendor mitigations on the same date. No KEV listing was provided in the supplied corpus.

Official resources

CISA CSAF advisory ICSA-26-006-01 was published on 2026-01-06 and revised the same day; the supplied corpus indicates no KEV listing.