HIGH🇬🇧 English

CVE-2025-30145

CVSS 7.5v3.1pub. 2025-06-10upd. 2025-08-26

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Osgeo Geoserver

    APP
    Osgeo
    < 2.25.72.26.0 – 2.26.3 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2024-34711CRITICAL9.3PL ✓ten sam produkt

GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)

CVE-2025-30220CRITICAL9.9PL ✓ten sam produkt

XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity

CVE-2023-25157CRITICAL9.8ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2025-27511HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27....

CVE-2025-52465HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26...

CVE-2025-30145 — HIGH 7.5 | CVEbaza.pl