Summary: IBL Software Engineering has issued a critical security advisory for a Remote Code Execution (RCE) vulnerability (CVE-2025-1077) affecting multiple versions of their Visual Weather software and related products. Attackers can exploit this vulnerability to execute arbitrary Python code, potentially compromising affected servers. Users are encouraged to upgrade to the latest versions or apply temporary mitigation strategies immediately.
Affected: IBL Software Engineering and users of Visual Weather software and derived products.
Key points:
- Vulnerability identified as CVE-2025-1077 with a CVSSv4 score of 9.5.
- Affected products include Visual Weather versions 8.2.5, 7.3.9, 7.3.6 (Enterprise Build), and 8.5.2 (Enterprise Build), as well as derived products like Aero Weather.
- Recommended actions include upgrading to a patched version (7.3.10 or 8.6.0) and following the best practice of not running services under privileged accounts.
- Temporary mitigation includes disabling PDS pipelines using IPDS and restricting network access to trusted IP ranges.