CVE-2025-62193 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By le…
Critical CVSS: 9.3

CVE-2025-62193

Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of 'gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java' from 2025-09-24.
Vendor
-
Product
-
CWE
CWE-78
Yayın Tarihi
2026-01-15 17:16:04
Güncelleme
2026-01-16 15:55:12
Source Identifier
9119a7d8-5eab-497f-8521-727c672e3725
KEV Date Added
-

Kategoriler

CWE-78 CRITICAL 2026

Referanslar

https://github.com/NOAA-PMEL/LAS/blob/main/README.md https://github.com/NOAA-PMEL/LAS/commit/de5f9237bfd4ac5085bcc49a6e30bbc9507ddb29 https://github.com/NOAA-PMEL/LAS/commit/e69afb1898ae7e69f3e047513fc1e5570373912b https://github.com/NOAA-PMEL/LAS/compare/b4b7306..de5f923 https://github.com/NOAA-PMEL/LAS/tree/main https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-26-015-01.json https://www.cve.org/CVERecord?id=CVE-2025-62193