Cyber Resilience

CVE-2025-1077

CriticalRCE

Published: 07 February 2025

Published
07 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.5 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0112 78.7th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1077 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Iblsoft (inferred from references). Its CVSS base score is 9.5 (Critical).

Operationally, ranked in the top 21.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A security vulnerability tracked as CVE-2025-1077 affects the Product Delivery Service (PDS) component in IBL Software Engineering Visual Weather and its derived products including NAMIS, Aero Weather, and Satellite Weather. The flaw exists only in specific server configurations where the PDS pipeline uses the IPDS pipeline with Message Editor Output Filters enabled. It stems from insufficient input validation and unsafe deserialization (CWE-20, CWE-502), allowing specially crafted Form Properties to trigger arbitrary Python code execution when the IPDS pipeline is invoked.

A remote unauthenticated attacker can exploit the issue by sending crafted requests directly to the affected PDS endpoint. Successful exploitation grants arbitrary Python code execution on the server, which can result in full system compromise, particularly when Visual Weather services run under a privileged account rather than following documented least-privilege installation guidance. The vulnerability carries a CVSS 4.0 score of 9.5 reflecting network attack vector, high impact on confidentiality, integrity, and availability, and scope change.

The vendor advisory at https://www.iblsoft.com/security/advisory-isec-2024-001/ recommends upgrading to version 7.3.10 or 8.6.0 and later to address the issue. Current EPSS remains low at 0.0112 with a modest peak of 0.0180, indicating limited observed exploitation interest to date.

EU & UK References

Vulnerability details

A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline…

more

utilizes the IPDS pipeline with Message Editor Output Filters enabled. A remote unauthenticated attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices. Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Iblsoft
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-20 CWE-502

Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.

addresses: CWE-20 CWE-502

Directly implements checks on information inputs to reject invalid data before processing.

addresses: CWE-502

Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.

addresses: CWE-20

Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.

addresses: CWE-502

Untrusted serialized data can be deserialized and observed inside the chamber, blocking gadget-chain exploitation outside the sandbox.

addresses: CWE-502

Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries.

addresses: CWE-502

Integrity verification of serialized information can detect tampering before deserialization occurs.

addresses: CWE-20

Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References