Remote Code Execution Vulnerability in NOAA PMEL Live Access Server
CVE-2025-62193

9.3CRITICAL

Key Information:

Vendor

National Oceanic And Atmospheric Administration (noaa)

Status
Live Access Server (las)
Vendor
CVE Published:
15 January 2026

What is CVE-2025-62193?

The NOAA PMEL Live Access Server (LAS) is susceptible to remote code execution due to a flaw that allows unauthenticated attackers to send specially crafted requests containing PyFerret expressions. This vulnerability enables attackers to exploit the SPAWN command, potentially leading to the execution of arbitrary operating system commands on the server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Live Access Server (LAS) 8

Live Access Server (LAS) 8

References

https://github.com/NOAA-PMEL/LAS/tree/main
product
https://github.com/NOAA-PMEL/LAS/blob/main/README.md
patch
https://www.cve.org/CVERecord?id=CVE-2025-62193
vdb-entry

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.