Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2025-1077

Disclosure Date: February 07, 2025
CVE-2025-1077
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.

A remote unauthenticated

attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices.

Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Visual Weather 8.2.5
Visual Weather 7.3.9
Visual Weather 7.3.6 (Enterprise Build)
Visual Weather 8.5.2 (Enterprise Build)
NAMIS 8.2.5
NAMIS 7.3.9
NAMIS 7.3.6 (Enterprise Build)
NAMIS 8.5.2 (Enterprise Build)
Aero Weather 8.2.5
Aero Weather 7.3.9
Aero Weather 7.3.6 (Enterprise Build)
Aero Weather 8.5.2 (Enterprise Build)
Satellite Weather 8.2.5
Satellite Weather 7.3.9
Satellite Weather 7.3.6 (Enterprise Build)
Satellite Weather 8.5.2 (Enterprise Build)
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis