Satellite Weather Software Vulnerabilities Let Attackers Execute Code Remotely

IBL Software Engineering has disclosed a significant security vulnerability, identified as CVE-2025-1077, affecting its Visual Weather software and derivative products, including Aero Weather, Satellite Weather, and NAMIS.

This vulnerability allows remote, unauthenticated attackers to execute arbitrary Python code on affected servers, posing a severe risk of full system compromise.

The issue resides in the Product Delivery Service (PDS) component of Visual Weather when specific server configurations enable the use of Message Editor Output Filters within the IPDS pipeline.

- Advertisement -

By sending specially crafted requests with manipulated Form Properties, attackers can exploit the vulnerability to trigger unauthorized code execution.

This risk is heightened if the Visual Weather services are improperly configured to run under privileged user accounts, contrary to recommended best practices.

Affected Versions and Severity

The vulnerability impacts several versions of Visual Weather and its derived products:

• Visual Weather: Versions 8.2.5, 7.3.9, 7.3.6 (Enterprise Build), and 8.5.2 (Enterprise Build)
• Derived Products: Aero Weather, Satellite Weather, and NAMIS (same versions as above)

The flaw has been assigned a high CVSS score of 8.1, reflecting its critical nature.

If exploited, it could compromise confidentiality, integrity, and availability of the affected systems.

Mitigation

IBL Software Engineering has urged all users to take immediate action to address this vulnerability:

1. Update Affected Systems: Upgrade to patched versions of Visual Weather 7.3.10 or higher and 8.6.0 or higher.
2. Temporary Mitigations:

• Disable PDS pipelines utilizing IPDS pipelines in server configurations.
• Ensure that Visual Weather services are not executed under privileged user accounts.
• Restrict network access to PDS pipeline endpoints to trusted IP ranges.

Organizations are also advised to review their server configurations and implement robust security measures such as network segmentation and strong authentication protocols for all interfaces.

This vulnerability underscores the critical importance of adhering to installation best practices and securing server configurations in weather software systems.

The ability for attackers to remotely execute code not only jeopardizes operational integrity but also raises concerns about potential misuse in sensitive applications like aviation and satellite weather monitoring.

Are you from SOC/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox - Try for Free