CVE-2025-62193
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-15

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of 'gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java' from 2025-09-24.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-15
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62193
EUVD
EUVD-2026-2723
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
noaa live_access_server From 8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects the NOAA PMEL Live Access Server (LAS) software, where specially crafted requests containing PyFerret expressions can be used by a remote, unauthenticated attacker to execute arbitrary operating system commands. The vulnerability arises because the server processes these expressions without proper validation, allowing exploitation via a SPAWN command. The issue is fixed by updating the RequestInputFilter.java file to block requests containing Ferret expressions, returning an HTTP 404 error instead. [2, 3, 5]

Impact Analysis

If exploited, this vulnerability allows a remote attacker to execute arbitrary OS commands on the server running NOAA PMEL Live Access Server without authentication. This can lead to full compromise of the server, unauthorized access to sensitive data, disruption of services, and potential use of the server as a foothold for further attacks within the network. [2, 3]

Detection Guidance

Detection can involve monitoring for incoming HTTP requests containing PyFerret expressions, especially those attempting to use the SPAWN command to execute OS commands. Since the vulnerability involves specially crafted requests with Ferret expressions, inspecting web server logs or network traffic for suspicious requests containing 'ferret' expressions or unusual parameters may help. However, no specific detection commands are provided in the resources. [2, 3, 5]

Mitigation Strategies

To mitigate the vulnerability, immediately update the 'RequestInputFilter.java' source file in the 'gov.noaa.pmel.tmap.las.filter' package with the fixed version available in the NOAA-PMEL LAS GitHub repository. After replacing the file, recompile the software using Apache Ant commands ('ant compile' and 'ant deploy') or manually copy the compiled '.class' file to the Tomcat web application directory ('$TOMCAT_HOME/webapps/las/WEB-INF/classes/gov/noaa/pmel/tmap/las/filter/'). Finally, restart the Tomcat server to apply the changes. Additionally, consider migrating to alternative tools as LAS is no longer recommended due to this vulnerability. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart