---
title: "Critical Vulnerabilities in Columbia Weather MicroServer Expose Systems to Attacks"
short_title: "Columbia Weather MicroServer flaws allow admin access"
description: "Three critical vulnerabilities in Columbia Weather Systems MicroServer enable SSH redirection, admin access, and shell exploits. Update now to secure your systems."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cve-2025-61939, cve-2025-64305, cve-2025-66620, columbia-weather, ics-security]
score: 0.85
cve_ids: [CVE-2025-61939, CVE-2025-64305, CVE-2025-66620]
---
## TL;DR
Columbia Weather Systems MicroServer firmware is affected by three critical vulnerabilities (CVE-2025-61939, CVE-2025-64305, CVE-2025-66620) that could allow attackers to redirect SSH connections, gain admin access to the web portal, and obtain limited shell access with sudo rights. Users are urged to update to firmware version MS_4.1_14142 or later to mitigate the risk.
---
## Main Content
Columbia Weather Systems has disclosed three critical vulnerabilities in its MicroServer firmware, which could enable threat actors to compromise affected systems. These flaws, if exploited, allow attackers to redirect SSH connections to malicious devices, gain administrative access to the web portal, and obtain limited shell access with sudo privileges. The vulnerabilities impact firmware versions prior to MS_4.1_14142 and pose significant risks to organizations relying on these systems for weather monitoring and data collection.
## Key Points
- Three critical vulnerabilities (CVE-2025-61939, CVE-2025-64305, CVE-2025-66620) affect Columbia Weather Systems MicroServer firmware.
- Exploitation could lead to SSH redirection, admin access, and limited shell access with sudo privileges.
- Affected systems include firmware versions prior to MS_4.1_14142.
- Columbia Weather Systems has released a patch and recommends immediate updates.
---
## Technical Details
#### CVE-2025-61939: SSH Redirection via DNS Manipulation
This vulnerability stems from an unused function in the MicroServer that initiates a reverse SSH connection to a vendor-registered domain without mutual authentication. An attacker with admin access to the web server and the ability to manipulate DNS responses can redirect the SSH connection to a device under their control. This flaw is classified under CWE-923: Improper Restriction of Communication Channel to Intended Endpoints and has a CVSS score of 8.8 (High).
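To make the CWE-923 point concrete, the Python below is an added illustration (not vendor code and not taken from the advisory) of why an outbound SSH channel that trusts DNS alone is redirectable, and how pinning the expected host-key fingerprint closes the gap. The hostname `relay.vendor.example`, the two IP addresses and the key blobs are all constructed; the fingerprint format is the standard OpenSSH `SHA256:` form.

```python
"""Added example (not vendor code): a reverse-SSH client that trusts DNS alone
versus one that pins the peer's host key. Hostname, IPs and keys are constructed."""
import base64
import hashlib
from dataclasses import dataclass


def ssh_fingerprint(pubkey_blob: bytes) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(sha256(blob)) minus '=' padding."""
    digest = hashlib.sha256(pubkey_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def ed25519_blob(raw32: bytes) -> bytes:
    """Build an ssh-ed25519 public-key blob in SSH wire format (length-prefixed strings)."""
    key_type = b"ssh-ed25519"
    return (len(key_type).to_bytes(4, "big") + key_type
            + len(raw32).to_bytes(4, "big") + raw32)


@dataclass(frozen=True)
class Endpoint:
    ip: str
    host_key: bytes  # the public key this server presents in the SSH handshake


# Constructed sample environment: the vendor relay and a rogue host.
VENDOR_KEY = ed25519_blob(bytes(range(32)))
ROGUE_KEY = ed25519_blob(bytes(range(32, 64)))
ENDPOINTS = {
    "203.0.113.10": Endpoint("203.0.113.10", VENDOR_KEY),
    "198.51.100.77": Endpoint("198.51.100.77", ROGUE_KEY),
}
RELAY_NAME = "relay.vendor.example"  # hypothetical vendor-registered domain
PINNED_FINGERPRINT = ssh_fingerprint(VENDOR_KEY)  # what the device should ship with


def honest_resolver(name: str) -> str:
    return "203.0.113.10"


def spoofed_resolver(name: str) -> str:
    """Models manipulated DNS: the vendor name now resolves to the rogue host."""
    return "198.51.100.77"


def connect_unverified(resolver, hostname: str) -> str:
    """Vulnerable pattern (CWE-923): DNS decides the peer and no identity check follows.
    Returns the IP the session was established with."""
    ip = resolver(hostname)
    _ = ENDPOINTS[ip].host_key  # presented key is accepted without inspection
    return ip


def connect_pinned(resolver, hostname: str, pinned: str) -> str:
    """Hardened pattern: DNS is only a hint; the handshake must present the pinned key."""
    ip = resolver(hostname)
    presented = ssh_fingerprint(ENDPOINTS[ip].host_key)
    if presented != pinned:
        raise ConnectionRefusedError(
            f"host key mismatch for {hostname} at {ip}: got {presented}, want {pinned}")
    return ip


if __name__ == "__main__":
    print("unverified, spoofed DNS ->", connect_unverified(spoofed_resolver, RELAY_NAME))
    print("pinned, honest DNS      ->", connect_pinned(honest_resolver, RELAY_NAME, PINNED_FINGERPRINT))
    try:
        connect_pinned(spoofed_resolver, RELAY_NAME, PINNED_FINGERPRINT)
    except ConnectionRefusedError as exc:
        print("pinned, spoofed DNS     -> refused:", exc)
```

The pinned variant is what "mutual authentication" buys on the client side: the device proves nothing about where DNS sent it, only about the key the far end holds, so a resolver change alone cannot move the session. On a real OpenSSH client the equivalent is a pre-populated `known_hosts` entry together with `StrictHostKeyChecking=yes`.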
#### CVE-2025-64305: Cleartext Storage of Secrets
During boot, the MicroServer copies portions of the system firmware to an unencrypted external SD card, exposing user and vendor secrets in plaintext. Attackers can leverage these secrets to modify vendor firmware or gain admin access to the web portal. This vulnerability is associated with CWE-313: Cleartext Storage in a File or on Disk and has a CVSS score of 6.5 (Medium).
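An asset owner who suspects this kind of exposure can mount the SD card read-only and audit it. The following Python is an added example (not vendor code) of such an audit: it walks a directory tree, flags lines that look like cleartext secrets or credential-store entries, and deliberately reports only the file, line number and rule, never the matched value, so the findings themselves are safe to log. The directory layout and its contents are constructed in a temporary directory for the demonstration.

```python
"""Added example (not vendor code): scan a mounted SD-card tree for cleartext secrets.
The sample tree below is constructed in a temp dir; nothing here is real device data."""
import re
import tempfile
from pathlib import Path

# (rule name, regex) pairs that indicate a secret or credential store in plaintext.
SECRET_RULES = [
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("password-assignment", re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*\S+")),
    ("api-key-assignment", re.compile(r"(?i)api[_-]?key\s*[=:]\s*\S+")),
    ("htpasswd-entry", re.compile(r"^[A-Za-z0-9._-]+:\S{4,}$")),
]
SKIP_SUFFIXES = {".png", ".jpg", ".gz", ".bin", ".img"}  # skip obvious binaries


def scan_cleartext_secrets(root):
    """Walk `root` and return (relative path, line number, rule) for every hit.
    The matched text is intentionally not returned, so findings can be logged safely."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() in SKIP_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in SECRET_RULES:
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, rule))
                    break  # one finding per line is enough
    return findings


def build_sample_card():
    """Create a constructed SD-card layout mimicking firmware fragments copied at boot."""
    root = Path(tempfile.mkdtemp(prefix="sdcard-"))
    for sub in ("conf", "keys", "logs"):
        (root / sub).mkdir()
    (root / "conf" / "web.conf").write_text(
        "listen = 0.0.0.0:80\nadmin_user = admin\nadmin_password = s3cr3t-sample\n")
    (root / "keys" / "vendor_update.pem").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIBOgIBAAJBAKj34GkxFhD-constructed-not-a-real-key\n"
        "-----END RSA PRIVATE KEY-----\n")
    (root / "conf" / "users.htpasswd").write_text(
        "operator:$apr1$abc$constructedhashvalue\n")
    (root / "logs" / "boot.log").write_text(
        "boot: copying firmware fragments to /mnt/sd\nboot: done\n")
    return root


if __name__ == "__main__":
    for rel_path, lineno, rule in scan_cleartext_secrets(build_sample_card()):
        print(f"{rel_path}:{lineno}  {rule}")
```

The `htpasswd-entry` rule fires on hashed entries too; that is intentional, since a credential store on removable media deserves review whether or not its contents are hashed. Extend `SECRET_RULES` with whatever formats the device actually writes once you have seen a real card.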
#### CVE-2025-66620: Unused Webshell with Sudo Rights
An unused webshell in the MicroServer imposes no limit on login attempts and runs with sudo rights on specific files and directories. Attackers with admin access can exploit this flaw to gain limited shell access, enabling persistence through reverse shells and the ability to modify or delete data stored in the file system. This vulnerability is linked to CWE-553: Command Shell in Externally Accessible Directory and has a CVSS score of 8.0 (High).
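Until the firmware is updated, the observable symptom of an endpoint with no login limit is a burst of failed authentication requests from one source. The Python below is an added example (not vendor code) of a sliding-window detector over web access-log lines in Common Log Format. The log lines are constructed, and the endpoint path `/admin/login` is a hypothetical stand-in because the advisory does not name the webshell's path.

```python
"""Added example (not vendor code): flag sources that hammer a login endpoint.
Log lines and the watched path are constructed for the demonstration."""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+')
LOGIN_PATHS = {"/admin/login"}  # hypothetical login endpoint(s) to watch


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def detect_login_bruteforce(lines, threshold=5, window_seconds=60):
    """Flag source IPs whose failed logins (401/403) to a watched path reach
    `threshold` within any `window_seconds` sliding window.
    Returns {ip: (first_failure_ts, last_failure_ts, failures_in_window)}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _method, path, status = rec
        if path not in LOGIN_PATHS or status not in (401, 403):
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()  # drop failures that fell out of the window
        if len(window) >= threshold:
            flagged[ip] = (window[0], ts, len(window))
    return flagged


# Constructed access-log sample: one source retries rapidly, one behaves normally.
SAMPLE_LOG = """\
198.51.100.77 - - [24/Jan/2025:10:15:01 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.77 - - [24/Jan/2025:10:15:03 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.5 - - [24/Jan/2025:10:15:04 +0000] "GET /status HTTP/1.1" 200 2048
198.51.100.77 - - [24/Jan/2025:10:15:05 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.77 - - [24/Jan/2025:10:15:08 +0000] "POST /admin/login HTTP/1.1" 401 512
203.0.113.5 - - [24/Jan/2025:10:15:10 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.77 - - [24/Jan/2025:10:15:12 +0000] "POST /admin/login HTTP/1.1" 401 512
198.51.100.77 - - [24/Jan/2025:10:15:15 +0000] "POST /admin/login HTTP/1.1" 403 512
203.0.113.5 - - [24/Jan/2025:10:17:30 +0000] "POST /admin/login HTTP/1.1" 200 128
198.51.100.77 - - [24/Jan/2025:10:25:00 +0000] "POST /admin/login HTTP/1.1" 401 512
""".splitlines()


if __name__ == "__main__":
    for ip, (first, last, count) in detect_login_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} failed logins between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

The window is evaluated per source, so a slow attacker spread across many addresses will not trip it; pair this with the network-exposure controls in the mitigation section rather than relying on it alone.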
---
## Impact Assessment
The vulnerabilities in Columbia Weather Systems MicroServer firmware pose severe risks to organizations, particularly those in critical infrastructure sectors such as Information Technology. Successful exploitation could lead to:
- Unauthorized admin access to the web portal.
- Data manipulation or deletion via shell access.
- Network compromise through SSH redirection to malicious devices.
Given the high severity of these flaws, organizations are strongly advised to apply the recommended patches immediately.
---
## Mitigation Steps
Columbia Weather Systems has released firmware version MS_4.1_14142 to address these vulnerabilities. Users should:
1. Update immediately to the latest firmware version by contacting [Columbia Weather Systems Support](https://www.columbiaweather.com/support).
2. Minimize network exposure for control system devices to prevent access from unauthorized networks.
3. Isolate control system networks behind firewalls and segment them from business networks.
4. Use secure remote access methods, such as VPNs, and ensure they are updated to the latest version.
5. Monitor for suspicious activity and report any incidents to [CISA](https://www.cisa.gov).
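The first step above needs an inventory of which units are actually behind the fix. Since the advisory gives the fixed build as `MS_4.1_14142` and describes affected firmware as anything prior to it, the Python below is an added example (not vendor code) that parses that version format numerically and triages a device list. The `MS_<major>.<minor>_<build>` layout is inferred from the single version string on this page, and the device inventory is constructed; the example also shows why a plain string comparison gets builds such as `MS_4.1_9999` wrong.

```python
"""Added example (not vendor code): triage MicroServer firmware versions against
the fixed release. The version format is inferred from the advisory's string and
the inventory below is constructed."""
import re

FIXED_VERSION = "MS_4.1_14142"
VERSION_RE = re.compile(r"^MS_(\d+)\.(\d+)_(\d+)$")


def parse_version(version):
    """Return (major, minor, build) as integers; raise ValueError on malformed input."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised MicroServer version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version, fixed=FIXED_VERSION):
    """True when `version` is strictly older than the fixed release.
    Tuple comparison is numeric, so build 9999 correctly sorts before 14142."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """inventory: iterable of (device_name, version_string).
    Returns (devices needing update, devices whose version could not be parsed)."""
    needs_update, unparseable = [], []
    for name, version in inventory:
        try:
            if is_affected(version):
                needs_update.append(name)
        except ValueError:
            unparseable.append(name)  # treat as unknown, not as safe
    return needs_update, unparseable


# Constructed inventory for the demonstration.
SAMPLE_INVENTORY = [
    ("roof-station-1", "MS_4.1_14142"),
    ("roof-station-2", "MS_4.1_9999"),
    ("yard-station", "MS_4.0_15000"),
    ("lab-bench", "MS_4.2_100"),
    ("spare-unit", "unknown"),
]


if __name__ == "__main__":
    needs_update, unparseable = triage(SAMPLE_INVENTORY)
    print("update required :", needs_update)
    print("verify manually :", unparseable)
```

Devices whose version string cannot be parsed are reported separately rather than silently treated as patched; a unit you cannot classify belongs on the "verify manually" list.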
---
## Affected Systems
- Vendor: Columbia Weather Systems
- Product: MicroServer firmware (versions prior to MS_4.1_14142)
- Critical Infrastructure Sectors: Information Technology
- Deployment Regions: United States
---
## Conclusion
The discovery of these critical vulnerabilities in Columbia Weather Systems MicroServer firmware underscores the importance of proactive cybersecurity measures for industrial control systems (ICS). Organizations must prioritize patching affected systems and implementing defensive strategies to mitigate risks. Failure to act could expose sensitive data and critical infrastructure to malicious actors.
For more details, refer to the [CISA advisory](https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01)[^1] and the CVE records[^2][^3][^4].
---
## References
[^1]: CISA. "[ICSA-26-006-01: Columbia Weather Systems MicroServer](https://www.cisa.gov/news-events/ics-advisories/icsa-26-006-01)". Retrieved 2025-01-24.
[^2]: MITRE. "[CVE-2025-61939](https://www.cve.org/CVERecord?id=CVE-2025-61939)". Retrieved 2025-01-24.
[^3]: MITRE. "[CVE-2025-64305](https://www.cve.org/CVERecord?id=CVE-2025-64305)". Retrieved 2025-01-24.
[^4]: MITRE. "[CVE-2025-66620](https://www.cve.org/CVERecord?id=CVE-2025-66620)". Retrieved 2025-01-24.