CVE-2025-1077 – Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)

https://notcve.org/view.php?id=CVE-2025-1077

07 Feb 2025 — A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Fo... • https://www.iblsoft.com/security/advisory-isec-2024-001 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •