HIGH🇬🇧 English

CVE-2025-27511

CVSS 7.2v3.1pub. 2026-06-18upd. 2026-06-24

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Osgeo Geoserver

    APP
    Osgeo
    < 2.27.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2024-34711CRITICAL9.3PL ✓ten sam produkt

GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)

CVE-2025-30220CRITICAL9.9PL ✓ten sam produkt

XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity

CVE-2023-25157CRITICAL9.8ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2025-52465HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26...

CVE-2024-29198HIGH7.5ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2025-27511 — HIGH 7.2 | CVEbaza.pl