{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T22:07:16.709","vulnerabilities":[{"cve":{"id":"CVE-2025-1077","sourceIdentifier":"incident@nbu.gov.sk","published":"2025-02-07T09:15:08.380","lastModified":"2025-02-07T09:15:08.380","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.\n\nA remote unauthenticated\n\nattacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices.\n\n\n\nUpgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher)."},{"lang":"es","value":"Se ha identificado una vulnerabilidad de seguridad en Visual Weather de IBL Software Engineering y productos derivados (NAMIS, Aero Weather, Satellite Weather). La vulnerabilidad está presente en el componente Product Delivery Service (PDS) en configuraciones de servidor específicas donde la canalización PDS utiliza la canalización IPDS con filtros de salida del editor de mensajes habilitados. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para enviar solicitudes no autenticadas para ejecutar la canalización IPDS con propiedades de formulario especialmente manipuladas, lo que permite la ejecución remota de código Python arbitrario. Esta vulnerabilidad podría provocar un compromiso total del sistema del servidor afectado, en particular si los servicios de Visual Weather se ejecutan bajo una cuenta de usuario privilegiada, lo que contradice las prácticas recomendadas de instalación documentadas. Actualice a las versiones parcheadas 7.3.10 (o superior), 8.6.0 (o superior)."}],"metrics":{"cvssMetricV40":[{"source":"incident@nbu.gov.sk","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:N\/AC:H\/AT:P\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:H\/SI:H\/SA:H\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":9.5,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"PRESENT","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"incident@nbu.gov.sk","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https:\/\/www.iblsoft.com\/security\/advisory-isec-2024-001\/","source":"incident@nbu.gov.sk"}]}}]}