Remote Code Execution Vulnerability in IBL Software Engineering Visual Weather and Related Products

CVE-2025-1077

What is CVE-2025-1077?

A remote code execution vulnerability has been discovered in IBL Software Engineering's Visual Weather and its related products, which includes NAMIS, Aero Weather, and Satellite Weather. This vulnerability resides in the Product Delivery Service (PDS) component when certain server configurations are in place. By exploiting this weakness, an unauthenticated attacker can send crafted requests to execute the IPDS pipeline with manipulated Form Properties, potentially leading to the execution of arbitrary Python code. If the affected services are run under a privileged user account, the attacker may gain full control over the server, breaching documented installation and security best practices. Users are advised to upgrade to patched versions 7.3.10 or higher and 8.6.0 or higher as soon as possible.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

TheSecMaster

CVE-2025-1077

Fix CVE-2025-1077: Visual Weather RCE Vulnerability

Learn how to identify and fix the critical CVE-2025-1077 vulnerability in Visual Weather Systems. Protect your weather forecasting infrastructure now.

References