CVE-2025-1077
Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-02-06 CVE Reserved
- 2025-02-07 CVE Published
- 2025-02-07 CVE Updated
- 2025-02-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-502: Deserialization of Untrusted Data
CAPEC
- CAPEC-153: Input Data Manipulation
- CAPEC-242: Code Injection
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.iblsoft.com/security/advisory-isec-2024-001 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| IBL Software Engineering Search vendor "IBL Software Engineering" | Visual Weather Search vendor "IBL Software Engineering" for product "Visual Weather" | 8.2.5 Search vendor "IBL Software Engineering" for product "Visual Weather" and version "8.2.5" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Visual Weather Search vendor "IBL Software Engineering" for product "Visual Weather" | 7.3.9 Search vendor "IBL Software Engineering" for product "Visual Weather" and version "7.3.9" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Visual Weather Search vendor "IBL Software Engineering" for product "Visual Weather" | 7.3.6 Search vendor "IBL Software Engineering" for product "Visual Weather" and version "7.3.6" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Visual Weather Search vendor "IBL Software Engineering" for product "Visual Weather" | 8.5.2 Search vendor "IBL Software Engineering" for product "Visual Weather" and version "8.5.2" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | NAMIS Search vendor "IBL Software Engineering" for product "NAMIS" | 8.2.5 Search vendor "IBL Software Engineering" for product "NAMIS" and version "8.2.5" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | NAMIS Search vendor "IBL Software Engineering" for product "NAMIS" | 7.3.9 Search vendor "IBL Software Engineering" for product "NAMIS" and version "7.3.9" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | NAMIS Search vendor "IBL Software Engineering" for product "NAMIS" | 7.3.6 Search vendor "IBL Software Engineering" for product "NAMIS" and version "7.3.6" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | NAMIS Search vendor "IBL Software Engineering" for product "NAMIS" | 8.5.2 Search vendor "IBL Software Engineering" for product "NAMIS" and version "8.5.2" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Aero Weather Search vendor "IBL Software Engineering" for product "Aero Weather" | 8.2.5 Search vendor "IBL Software Engineering" for product "Aero Weather" and version "8.2.5" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Aero Weather Search vendor "IBL Software Engineering" for product "Aero Weather" | 7.3.9 Search vendor "IBL Software Engineering" for product "Aero Weather" and version "7.3.9" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Aero Weather Search vendor "IBL Software Engineering" for product "Aero Weather" | 7.3.6 Search vendor "IBL Software Engineering" for product "Aero Weather" and version "7.3.6" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Aero Weather Search vendor "IBL Software Engineering" for product "Aero Weather" | 8.5.2 Search vendor "IBL Software Engineering" for product "Aero Weather" and version "8.5.2" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Satellite Weather Search vendor "IBL Software Engineering" for product "Satellite Weather" | 8.2.5 Search vendor "IBL Software Engineering" for product "Satellite Weather" and version "8.2.5" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Satellite Weather Search vendor "IBL Software Engineering" for product "Satellite Weather" | 7.3.9 Search vendor "IBL Software Engineering" for product "Satellite Weather" and version "7.3.9" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Satellite Weather Search vendor "IBL Software Engineering" for product "Satellite Weather" | 7.3.6 Search vendor "IBL Software Engineering" for product "Satellite Weather" and version "7.3.6" | en |
Affected
| ||||||
| IBL Software Engineering Search vendor "IBL Software Engineering" | Satellite Weather Search vendor "IBL Software Engineering" for product "Satellite Weather" | 8.5.2 Search vendor "IBL Software Engineering" for product "Satellite Weather" and version "8.5.2" | en |
Affected
| ||||||