FKIE_CVE-2025-1077
Vulnerability from fkie_nvd - Published: 2025-02-07 09:15 - Updated: 2025-02-07 09:15
Severity: CRITICAL (CVSS 4.0 base score 9.5, secondary metric supplied by incident@nbu.gov.sk; no NVD primary score yet, record status Awaiting Analysis)
Summary
A security vulnerability has been identified in IBL Software Engineering Visual Weather and its derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline uses the IPDS pipeline with Message Editor Output Filters enabled.

A remote, unauthenticated attacker can exploit this vulnerability by sending unauthenticated requests that execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This could lead to full compromise of the affected server, particularly if the Visual Weather services run under a privileged user account, contrary to the documented installation best practices. The configuration precondition is what the CVSS 4.0 vector below records as AT:P (attack requirements present) and AC:H; the vector otherwise scores the issue as network-reachable with no privileges and no user interaction (AV:N/PR:N/UI:N).

Upgrade to the patched versions 7.3.10 (or higher) or 8.6.0 (or higher).
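The summary gives two facts a defender can act on: the fixed versions (7.3.10 and 8.6.0) and the configuration precondition (PDS using the IPDS pipeline with Message Editor Output Filters). The following is an added triage helper, not code from IBL Software Engineering or from the NVD/fkie record: it decides whether a deployed version predates the fix for its branch, parses the CVSS 4.0 vector from the record to confirm the remote-unauthenticated profile, and ranks a fleet inventory. The inventory layout, the `ipds_filters_enabled` flag name, and the rule that branches older than 7.x count as affected and branches newer than 8.x as fixed are assumptions made for this example; the sample hosts are constructed.

```python
"""Triage helper for CVE-2025-1077 (IBL Visual Weather PDS/IPDS code execution).

Added example; not vendor code and not part of the NVD/fkie record.
Fixed versions and the CVSS 4.0 vector are taken from the advisory summary.
The inventory format and the branch rule in is_affected() are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Patched versions quoted in the advisory summary, keyed by release branch.
FIXED_VERSIONS = {7: (7, 3, 10), 8: (8, 6, 0)}

# CVSS 4.0 vector exactly as published in the record's metrics block.
CVSS_VECTOR = ("CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H"
               "/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X"
               "/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '8.5.2' into (8, 5, 2); a missing patch level becomes 0 and a
    trailing build tag such as '8.5.2-rc1' is ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups(default="0"))


def is_affected(version: str) -> bool:
    """True when the version predates the fix for its release branch.

    Assumption (not stated in the advisory): branches older than 7.x are
    treated as affected, branches newer than 8.x as already fixed.
    """
    v = parse_version(version)
    if v[0] < 7:
        return True
    if v[0] > 8:
        return False
    return v < FIXED_VERSIONS[v[0]]


def parse_cvss4_vector(vector: str) -> Dict[str, str]:
    """Split a CVSS 4.0 vector into metric -> value, dropping undefined (X) metrics."""
    head, *parts = vector.split("/")
    if head != "CVSS:4.0":
        raise ValueError("not a CVSS 4.0 vector")
    metrics = dict(p.split(":", 1) for p in parts)
    return {k: v for k, v in metrics.items() if v != "X"}


def remote_unauthenticated(metrics: Dict[str, str]) -> bool:
    """Network-reachable, no privileges, no user interaction: the profile that
    puts an issue at the top of a patch queue."""
    return (metrics.get("AV"), metrics.get("PR"), metrics.get("UI")) == ("N", "N", "N")


def triage(inventory: List[dict]) -> Dict[str, str]:
    """Classify each host as 'patched', 'vulnerable-exposed' (fix missing and the
    IPDS/Message Editor Output Filter configuration present) or
    'vulnerable-config-not-present' (fix missing, precondition absent; still patch).

    'ipds_filters_enabled' models the precondition from the summary; the field
    name is an assumption of this example, not a product setting.
    """
    result = {}
    for host in inventory:
        if not is_affected(host["version"]):
            result[host["name"]] = "patched"
        elif host.get("ipds_filters_enabled"):
            result[host["name"]] = "vulnerable-exposed"
        else:
            result[host["name"]] = "vulnerable-config-not-present"
    return result


# Constructed sample inventory (hostnames, versions and flags are made up).
SAMPLE_INVENTORY = [
    {"name": "vw-prod-1", "version": "8.5.2", "ipds_filters_enabled": True},
    {"name": "vw-prod-2", "version": "8.6.0", "ipds_filters_enabled": True},
    {"name": "vw-legacy", "version": "7.3.9", "ipds_filters_enabled": False},
    {"name": "vw-test", "version": "7.3.10-rc1", "ipds_filters_enabled": True},
]

if __name__ == "__main__":
    metrics = parse_cvss4_vector(CVSS_VECTOR)
    print("remote unauthenticated:", remote_unauthenticated(metrics), metrics)
    for name, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12s} {verdict}")
```

The branch split matters: a host on 7.4.0 is newer than 7.3.10 and correctly reported as patched, while 8.5.99 is still behind 8.6.0 and flagged. Hosts in the "vulnerable-config-not-present" bucket should not be deprioritised indefinitely; the precondition is a configuration choice that can change, so the upgrade applies to them as well.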
References
- https://www.iblsoft.com/security/advisory-isec-2024-001/ (vendor advisory, reported via incident@nbu.gov.sk)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBL Software Engineering | Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather) | Releases before 7.3.10 and 8.x releases before 8.6.0, per the advisory summary; the record carries no CPE configuration data yet (status Awaiting Analysis) |
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather).\u00a0The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote\u00a0unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS\u00a0pipeline\u00a0with specially crafted Form Properties, enabling remote execution of arbitrary Python code.\u00a0This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services\u00a0are run under a privileged user account\u2014contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher)."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad de seguridad en Visual Weather de IBL Software Engineering y productos derivados (NAMIS, Aero Weather, Satellite Weather). La vulnerabilidad est\u00e1 presente en el componente Product Delivery Service (PDS) en configuraciones de servidor espec\u00edficas donde la canalizaci\u00f3n PDS utiliza la canalizaci\u00f3n IPDS con filtros de salida del editor de mensajes habilitados. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para enviar solicitudes no autenticadas para ejecutar la canalizaci\u00f3n IPDS con propiedades de formulario especialmente manipuladas, lo que permite la ejecuci\u00f3n remota de c\u00f3digo Python arbitrario. Esta vulnerabilidad podr\u00eda provocar un compromiso total del sistema del servidor afectado, en particular si los servicios de Visual Weather se ejecutan bajo una cuenta de usuario privilegiada, lo que contradice las pr\u00e1cticas recomendadas de instalaci\u00f3n documentadas. Actualice a las versiones parcheadas 7.3.10 (o superior), 8.6.0 (o superior)."
}
],
"id": "CVE-2025-1077",
"lastModified": "2025-02-07T09:15:08.380",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "incident@nbu.gov.sk",
"type": "Secondary"
}
]
},
"published": "2025-02-07T09:15:08.380",
"references": [
{
"source": "incident@nbu.gov.sk",
"url": "https://www.iblsoft.com/security/advisory-isec-2024-001/"
}
],
"sourceIdentifier": "incident@nbu.gov.sk",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "incident@nbu.gov.sk",
"type": "Secondary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|

No sightings have been recorded for this entry.
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.