CVE-2025-1077
Published: Feb 7, 2025
Modified: Feb 7, 2025
Description
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
| Vendor | Product | Versions |
|---|---|---|
IBL Software Engineering | Visual Weather | affected 8.2.5affected 7.3.9affected 7.3.6 (Enterprise Build)affected 8.5.2 (Enterprise Build) |
IBL Software Engineering | NAMIS | affected 8.2.5affected 7.3.9affected 7.3.6 (Enterprise Build)affected 8.5.2 (Enterprise Build) |
IBL Software Engineering | Aero Weather | affected 8.2.5affected 7.3.9affected 7.3.6 (Enterprise Build)affected 8.5.2 (Enterprise Build) |
IBL Software Engineering | Satellite Weather | affected 8.2.5affected 7.3.9affected 7.3.6 (Enterprise Build)affected 8.5.2 (Enterprise Build) |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now