
Critical Vulnerability in Satellite Weather Software Enables Remote Code Execution


A critical security vulnerability, identified as CVE-2025-1077, has been disclosed in IBL Software Engineering’s Visual Weather software and its derived products, including Aero Weather, Satellite Weather, and NAMIS.

This flaw resides in the Product Delivery Service (PDS) component when specific server configurations are in use.

Exploitation Risks and Impact

The vulnerability allows unauthenticated attackers to execute arbitrary Python code remotely by exploiting the IPDS pipeline with specially crafted Form Properties.

If successfully exploited, this could lead to a complete compromise of the affected server, particularly when Visual Weather services are run under privileged user accounts contrary to recommended installation practices.

The vulnerability has been assigned a CVSSv4 score of 9.5, highlighting its critical severity.

It impacts confidentiality, integrity, and availability, enabling attackers to potentially gain unauthorized control of systems, access sensitive information, alter data, and disrupt services.

Affected Products and Versions

The vulnerability affects several versions of Visual Weather and its derived products:

  • Visual Weather: 8.2.5, 7.3.9, 7.3.6 (Enterprise Build), 8.5.2 (Enterprise Build)
  • Derived Products: NAMIS, Aero Weather, Satellite Weather (same versions as above)

IBL Software Engineering has released patches to address this issue.

Users are strongly advised to upgrade to Visual Weather versions 7.3.10 or higher and 8.6.0 or higher.

In addition to applying the patch, organizations should implement the following temporary mitigations:

1. Disable Vulnerable Pipelines: Deactivate PDS pipelines that utilize the IPDS pipeline with Message Editor Output Filters.

2. Restrict Privileges: Ensure Visual Weather services are not run under privileged user accounts.

3. Network Access Control: Limit access to the PDS pipeline endpoint by restricting it to trusted IP ranges.

The vulnerability is triggered when the PDS pipeline uses the IPDS pipeline with Message Editor Output Filters enabled.

Attackers can send malicious requests containing specially crafted Form Properties to execute arbitrary Python code on the server.

Organizations using affected versions of Visual Weather or its derivatives should act immediately to mitigate this risk by applying patches and following best practices for secure server configurations.

This vulnerability underscores the importance of adhering to installation best practices and maintaining up-to-date software versions to safeguard critical systems against emerging threats.
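An added example (not from IBL or the original article) that triages an inventory against the fixed releases and the three mitigations above, comparing versions numerically so that 7.3.10 is not mistaken for an older release than 7.3.9. The inventory fields, host names and privileged-account list are hypothetical, and treating every release below the fixed one on its branch as unpatched is a conservative assumption.

```python
# Added example. Inventory rows and field names are constructed/hypothetical.
FIXED = {7: (7, 3, 10), 8: (8, 6, 0)}  # first fixed release per branch (from the article)
PRIVILEGED = {"root", "system", "administrator"}  # assumption: accounts treated as privileged

def parse_version(text):
    """'8.5.2 (Enterprise Build)' -> (8, 5, 2). Numeric, so 7.3.10 sorts above 7.3.9."""
    return tuple(int(part) for part in text.split()[0].split("."))

def is_patched(version):
    """True/False against the fixed release of the same branch; None if not comparable."""
    try:
        parsed = parse_version(version)
    except (ValueError, IndexError):
        return None
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        return None
    width = max(len(parsed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # '8.6' compares as 8.6.0
    return pad(parsed) >= pad(fixed)

def triage(host):
    """Return the list of open findings for one inventory row."""
    findings = []
    patched = is_patched(host["version"])
    if patched is None:
        findings.append("version not comparable: verify manually")
    elif not patched:
        findings.append("unpatched")
        if host["ipds_message_editor_filters"]:
            findings.append("trigger configuration active")
            if not host["endpoint_ip_restricted"]:
                findings.append("endpoint unrestricted")
    if host["service_user"].lower() in PRIVILEGED:
        findings.append("privileged service account")
    return findings

INVENTORY = [  # constructed sample data
    {"host": "wx-a.example", "version": "7.3.9", "service_user": "root",
     "ipds_message_editor_filters": True, "endpoint_ip_restricted": False},
    {"host": "wx-b.example", "version": "7.3.10", "service_user": "vw-svc",
     "ipds_message_editor_filters": True, "endpoint_ip_restricted": False},
    {"host": "wx-c.example", "version": "8.5.2 (Enterprise Build)", "service_user": "vw-svc",
     "ipds_message_editor_filters": False, "endpoint_ip_restricted": True},
]

if __name__ == "__main__":
    for row in INVENTORY:
        print(row["host"], triage(row) or ["no findings"])
```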
