NOAA PMEL Live Access Server (LAS) Remote Code Execution Vulnerability via PyFerret Expressions

Vulnerability

A remote code execution vulnerability has been identified in NOAA PMEL Live Access Server (LAS) version 8. LAS improperly handles PyFerret expressions in requests, which remote, unauthenticated attackers can exploit to execute arbitrary operating system commands. The vulnerability is fixed in a patched version of the 'RequestInputFilter.java' file, dated September 24, 2025.

Impact

Exploitation of this vulnerability allows arbitrary code execution on the server; the executed commands run in the operating system's command-line interface.

Remediation

To address this vulnerability, users should replace the existing 'RequestInputFilter.java' file with the patched version available in the NOAA PMEL LAS GitHub repository. After replacing the file, compile it and deploy the result to the appropriate Tomcat directory. Finally, restart the Tomcat server.

Added: Jan 15, 2026, 5:41 PM
Updated: Jan 15, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 8.1
remediation: 0.0
relevance: 2.1
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.