CVE-2025-62193
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| noaa | live_access_server | From 8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the NOAA PMEL Live Access Server (LAS) software, where specially crafted requests containing PyFerret expressions can be used by a remote, unauthenticated attacker to execute arbitrary operating system commands. The vulnerability arises because the server processes these expressions without proper validation, allowing exploitation via a SPAWN command. The issue is fixed by updating the RequestInputFilter.java file to block requests containing Ferret expressions, returning an HTTP 404 error instead. [2, 3, 5]
How can this vulnerability impact me? :
If exploited, this vulnerability allows a remote attacker to execute arbitrary OS commands on the server running NOAA PMEL Live Access Server without authentication. This can lead to full compromise of the server, unauthorized access to sensitive data, disruption of services, and potential use of the server as a foothold for further attacks within the network. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for incoming HTTP requests containing PyFerret expressions, especially those attempting to use the SPAWN command to execute OS commands. Since the vulnerability involves specially crafted requests with Ferret expressions, inspecting web server logs or network traffic for suspicious requests containing 'ferret' expressions or unusual parameters may help. However, no specific detection commands are provided in the resources. [2, 3, 5]
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability, immediately update the 'RequestInputFilter.java' source file in the 'gov.noaa.pmel.tmap.las.filter' package with the fixed version available in the NOAA-PMEL LAS GitHub repository. After replacing the file, recompile the software using Apache Ant commands ('ant compile' and 'ant deploy') or manually copy the compiled '.class' file to the Tomcat web application directory ('$TOMCAT_HOME/webapps/las/WEB-INF/classes/gov/noaa/pmel/tmap/las/filter/'). Finally, restart the Tomcat server to apply the changes. Additionally, consider migrating to alternative tools as LAS is no longer recommended due to this vulnerability. [2]