CVE-2025-62193
Published: 15 January 2026
Summary
CVE-2025-62193 is a critical-severity OS Command Injection (CWE-78) vulnerability in Githubusercontent (inferred from references). Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 35.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62193 is a remote code execution vulnerability in sites running NOAA PMEL Live Access Server (LAS). The flaw allows specially crafted requests that include PyFerret expressions to reach the server, where a SPAWN command can be used to execute arbitrary OS commands. It is classified under CWE-78 (OS Command Injection) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The vulnerability was addressed in an update to the file 'gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java' dated 2025-09-24.
A remote, unauthenticated attacker can exploit this vulnerability by sending malicious requests to a LAS instance accessible over the network. Exploitation requires low complexity and no privileges or user interaction, enabling the attacker to achieve high impacts on confidentiality, integrity, and availability through arbitrary OS command execution on the server.
Mitigation requires updating LAS to the patched version, with fixes implemented in GitHub commits such as de5f9237bfd4ac5085bcc49a6e30bbc9507ddb29 and e69afb1898ae7e69f3e047513fc1e5570373912b in the NOAA-PMEL/LAS repository. Additional details are available in the repository's README.md, version comparison from b4b7306 to de5f923, and the main branch tree.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-2723
Vulnerability details
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of 'gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java' from 2025-09-24.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The vulnerability is a remote code execution flaw in a public-facing web application (NOAA PMEL LAS) exploitable via crafted requests for arbitrary OS command execution without authentication or user interaction, directly enabling T1190: Exploit Public-Facing Application.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Implements input validation at entry points to reject specially crafted PyFerret expressions containing SPAWN commands, directly preventing OS command injection.
Requires timely patching of the identified flaw in gov.noaa.pmel.tmap.las.filter.RequestInputFilter.java to eliminate the vulnerability.
Restricts dangerous information inputs such as PyFerret SPAWN commands using defined tools and procedures to block exploitation attempts.
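As an added illustration of the input-validation control described above and of the SPAWN-based flaw in the deeper analysis (example code written here, not the project's RequestInputFilter logic or anything from this page), the following Python scans web-server access-log lines for request parameters whose decoded values carry the Ferret SPAWN command token, handling double percent-encoding and avoiding false positives on variable names that merely contain the word. The endpoint path, parameter names and log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Heuristic: the Ferret command word SPAWN as a standalone token, case-insensitive.
# Word boundaries keep variable names such as "spawning_index" from matching.
SPAWN_RE = re.compile(r"(?<![A-Za-z0-9_])spawn(?![A-Za-z0-9_])", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so a double-encoded token is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def spawn_params(url):
    """Return the query parameter names whose decoded value carries a SPAWN token."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(
        name for name, values in query.items()
        if any(SPAWN_RE.search(decode_fully(v)) for v in values)
    )

def scan_access_log(text):
    """Return (line number, flagged parameter names) for each suspicious request line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = spawn_params(m.group(1))
        if params:
            hits.append((lineno, params))
    return hits

# Constructed sample log (placeholder endpoint, parameter names and values, not real LAS traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jan/2026:10:00:01 +0000] "GET /las/example.do?expression=sst%5Bl%3D1%5D HTTP/1.1" 200 5120
203.0.113.6 - - [15/Jan/2026:10:00:02 +0000] "GET /las/example.do?expression=spawning_index%5Bl%3D1%5D HTTP/1.1" 200 4096
203.0.113.7 - - [15/Jan/2026:10:00:03 +0000] "GET /las/example.do?expression=%7Bspawn%3A%22PLACEHOLDER%22%7D HTTP/1.1" 500 0
203.0.113.8 - - [15/Jan/2026:10:00:04 +0000] "GET /las/example.do?expression=x&ferret_cmd=%2553PAWN%20PLACEHOLDER HTTP/1.1" 500 0
"""

if __name__ == "__main__":
    for lineno, params in scan_access_log(SAMPLE_LOG):
        print(f"line {lineno}: SPAWN token in parameter(s) {params}")
```

Only lines 3 and 4 of the sample are flagged; the benign `spawning_index` expression on line 2 passes the word-boundary check.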