CVE-2025-1077
published 2025-02-07CVE-2025-1077: A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The…
PriorityP265critical9.5CVSS 4.0
AVNACHATPPRNUINVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.79%
51.7th percentile
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.
A remote unauthenticated
attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices.
Upgrade to the patched versions 7.3.10 (or higher), 8.6.0 (or higher).
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibl_software_engineering | aero_weather | — | — |
| ibl_software_engineering | aero_weather | — | — |
| ibl_software_engineering | aero_weather | — | — |
| ibl_software_engineering | aero_weather | — | — |
| ibl_software_engineering | namis | — | — |
| ibl_software_engineering | namis | — | — |
| ibl_software_engineering | namis | — | — |
| ibl_software_engineering | namis | — | — |
| ibl_software_engineering | satellite_weather | — | — |
| ibl_software_engineering | satellite_weather | — | — |
| ibl_software_engineering | satellite_weather | — | — |
| ibl_software_engineering | satellite_weather | — | — |
| ibl_software_engineering | visual_weather | — | — |
| ibl_software_engineering | visual_weather | — | — |
| ibl_software_engineering | visual_weather | — | — |
| ibl_software_engineering | visual_weather | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w762-973h-phj5: A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weath
ghsa_unreviewed·2025-02-07
CVE-2025-1077 [CRITICAL] CWE-20 GHSA-w762-973h-phj5: A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weath
A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server configurations where the PDS pipeline utilizes the IPDS pipeline with Message Editor Output Filters enabled.
A remote unauthenticated
attacker can exploit this vulnerability to send unauthenticated requests to execute the IPDS pipeline with specially crafted Form Properties, enabling remote execution of arbitrary Python code. This vulnerability could lead to a full system compromise of the affected server, particularly if Visual Weather services are run under a privileged user account—contrary to the documented installation best practices.
Citrix
Citrix Security Bulletin CTX105650
vendor_citrix·CVSS 5.0
CVE-2004-1077 [MEDIUM] Citrix Security Bulletin CTX105650
Citrix Security Bulletin CTX105650
CVE References: CVE-2004-1077, CVE-2004-1078, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-02-07
Published