Security Advisory

CVE-2025-62193

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-15 16:44:15

Last updated 2026-01-15 18:47:34

Assigner cisa-cg

State PUBLISHED

Description

Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java from 2025-09-24.

← Browse all CVEs View on cve.org ↗