{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1077", "assignerOrgId": "bc375322-d3d7-4481-b261-e29662236cfd", "state": "PUBLISHED", "assignerShortName": "SK-CERT", "dateReserved": "2025-02-06T11:23:05.466Z", "datePublished": "2025-02-07T08:32:01.813Z", "dateUpdated": "2025-02-07T15:53:44.186Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Visual Weather", "vendor": "IBL Software Engineering", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}]}, {"defaultStatus": "unaffected", "product": "NAMIS", "vendor": "IBL Software Engineering", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}]}, {"defaultStatus": "unaffected", "product": "Aero Weather", "vendor": "IBL Software Engineering", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}]}, {"defaultStatus": "unaffected", "product": "Satellite Weather", "vendor": "IBL Software Engineering", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerability is triggered in server configurations where the <b>PDS pipeline</b> utilizes the <b>IPDS pipeline</b> with <b>Message Editor Output Filters</b> enabled<br>"}], "value": "The vulnerability is triggered in server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled"}], "credits": [{"lang": "en", "type": "finder", "value": "Ianis BERNARD (NCIA)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A security vulnerability has been identified in the <b>IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)</b>.&nbsp;The vulnerability is present in the <b>Product Delivery Service (PDS) component in specific server configurations</b> where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.</p><p>A remote&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">unauthenticated</span>\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS&nbsp;pipeline&nbsp;with specially crafted Form Properties, enabling <b>remote execution of arbitrary Python code</b>.&nbsp;<span style=\"background-color: var(--wht);\">This vulnerability could lead to a <b>full system compromise</b> of the affected server, particularly if Visual Weather services</span><span style=\"background-color: var(--wht);\">&nbsp;are run under a privileged user account\u2014contrary to the documented installation best practices.</span></p><p><span style=\"background-color: var(--wht);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).</span>\n\n<br></span></p>"}], "value": "A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather).\u00a0The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote\u00a0unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS\u00a0pipeline\u00a0with specially crafted Form Properties, enabling remote execution of arbitrary Python code.\u00a0This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services\u00a0are run under a privileged user account\u2014contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher)."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}, {"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 9.5, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bc375322-d3d7-4481-b261-e29662236cfd", "shortName": "SK-CERT", "dateUpdated": "2025-02-07T08:43:31.311Z"}, "references": [{"url": "https://www.iblsoft.com/security/advisory-isec-2024-001/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).<br>"}], "value": "Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher)."}], "source": {"discovery": "UNKNOWN"}, "title": "Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In order to mitigate the vulnerability:<br>-&nbsp;Disable PDS pipelines utilizing IPDS pipelines in server configurations.<br>-&nbsp;Enforce installation best practices by ensuring Visual Weather services are not run under a privileged user account.<br>-&nbsp;Restrict network access to the PDS pipeline endpoint to trusted IP ranges only.<br><br>It is also recommended to </span><span style=\"background-color: rgb(255, 255, 255);\">contact IBL Support Team for more detailed security and server hardening guidelines.</span><br>"}], "value": "In order to mitigate the vulnerability:\n-\u00a0Disable PDS pipelines utilizing IPDS pipelines in server configurations.\n-\u00a0Enforce installation best practices by ensuring Visual Weather services are not run under a privileged user account.\n-\u00a0Restrict network access to the PDS pipeline endpoint to trusted IP ranges only.\n\nIt is also recommended to contact IBL Support Team for more detailed security and server hardening guidelines."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T15:53:17.352997Z", "id": "CVE-2025-1077", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T15:53:44.186Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1077", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T15:53:17.352997Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T15:53:38.044Z"}}], "cna": {"title": "Remote Code Execution vulnerability in IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Ianis BERNARD (NCIA)"}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}, {"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBL Software Engineering", "product": "Visual Weather", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}], "defaultStatus": "unaffected"}, {"vendor": "IBL Software Engineering", "product": "NAMIS", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}], "defaultStatus": "unaffected"}, {"vendor": "IBL Software Engineering", "product": "Aero Weather", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}], "defaultStatus": "unaffected"}, {"vendor": "IBL Software Engineering", "product": "Satellite Weather", "versions": [{"status": "affected", "version": "8.2.5"}, {"status": "affected", "version": "7.3.9"}, {"status": "affected", "version": "7.3.6 (Enterprise Build)"}, {"status": "affected", "version": "8.5.2 (Enterprise Build)"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).<br>", "base64": false}]}], "references": [{"url": "https://www.iblsoft.com/security/advisory-isec-2024-001/"}], "workarounds": [{"lang": "en", "value": "In order to mitigate the vulnerability:\n-\u00a0Disable PDS pipelines utilizing IPDS pipelines in server configurations.\n-\u00a0Enforce installation best practices by ensuring Visual Weather services are not run under a privileged user account.\n-\u00a0Restrict network access to the PDS pipeline endpoint to trusted IP ranges only.\n\nIt is also recommended to contact IBL Support Team for more detailed security and server hardening guidelines.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In order to mitigate the vulnerability:<br>-&nbsp;Disable PDS pipelines utilizing IPDS pipelines in server configurations.<br>-&nbsp;Enforce installation best practices by ensuring Visual Weather services are not run under a privileged user account.<br>-&nbsp;Restrict network access to the PDS pipeline endpoint to trusted IP ranges only.<br><br>It is also recommended to </span><span style=\"background-color: rgb(255, 255, 255);\">contact IBL Support Team for more detailed security and server hardening guidelines.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather).\u00a0The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote\u00a0unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS\u00a0pipeline\u00a0with specially crafted Form Properties, enabling remote execution of arbitrary Python code.\u00a0This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services\u00a0are run under a privileged user account\u2014contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).", "supportingMedia": [{"type": "text/html", "value": "<p>A security vulnerability has been identified in the <b>IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather)</b>.&nbsp;The vulnerability is present in the <b>Product Delivery Service (PDS) component in specific server configurations</b> where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.</p><p>A remote&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">unauthenticated</span>\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS&nbsp;pipeline&nbsp;with specially crafted Form Properties, enabling <b>remote execution of arbitrary Python code</b>.&nbsp;<span style=\"background-color: var(--wht);\">This vulnerability could lead to a <b>full system compromise</b> of the affected server, particularly if Visual Weather services</span><span style=\"background-color: var(--wht);\">&nbsp;are run under a privileged user account\u2014contrary to the documented installation best practices.</span></p><p><span style=\"background-color: var(--wht);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).</span>\n\n<br></span></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "configurations": [{"lang": "en", "value": "The vulnerability is triggered in server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled", "supportingMedia": [{"type": "text/html", "value": "The vulnerability is triggered in server configurations where the <b>PDS pipeline</b> utilizes the <b>IPDS pipeline</b> with <b>Message Editor Output Filters</b> enabled<br>", "base64": false}]}], "providerMetadata": {"orgId": "bc375322-d3d7-4481-b261-e29662236cfd", "shortName": "SK-CERT", "dateUpdated": "2025-02-07T08:43:31.311Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1077", "state": "PUBLISHED", "dateUpdated": "2025-02-07T15:53:44.186Z", "dateReserved": "2025-02-06T11:23:05.466Z", "assignerOrgId": "bc375322-d3d7-4481-b261-e29662236cfd", "datePublished": "2025-02-07T08:32:01.813Z", "assignerShortName": "SK-CERT"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather).\u00a0The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote\u00a0unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS\u00a0pipeline\u00a0with specially crafted Form Properties, enabling remote execution of arbitrary Python code.\u00a0This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services\u00a0are run under a privileged user account\u2014contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher)."}], "id": "CVE-2025-1077", "lastModified": "2025-02-07T09:15:08.380", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.5, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "incident@nbu.gov.sk", "type": "Secondary"}]}, "published": "2025-02-07T09:15:08.380", "references": [{"source": "incident@nbu.gov.sk", "url": "https://www.iblsoft.com/security/advisory-isec-2024-001/"}], "sourceIdentifier": "incident@nbu.gov.sk", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-502"}], "source": "incident@nbu.gov.sk", "type": "Secondary"}]}

{}