Three high-severity vulnerabilities discovered in Columbia Weather Systems MicroServer firmware allowing attackers to redirect SSH connections, gain admin access to web portals, and obtain shell access. CVE-2025-61939 involves improper SSH connection restrictions, CVE-2025-64305 exposes cleartext secrets on SD cards, and CVE-2025-66620 provides unauthorized webshell access. All vulnerabilities affect firmware versions below MS_4.1_14142 and can be exploited by attackers with local network access. The vendor has released patches requiring direct contact with Columbia Weather Systems Support. CVSS scores range from 6.5 to 8.8, with successful exploitation potentially leading to complete system compromise. The vulnerabilities were reported by UsrPacific and affect systems deployed in the United States Information Technology sector.