Lucene search
+L

CVE-2025-27505

🗓️ 10 Jun 2025 14:52:19Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 92 Views🌐 WEB

Vulnerability in GeoServer allows bypassing REST API security to access index page.

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
circl
CVE-2025-27505
10 Jul 202520:15
circl
cnnvd
GeoServer 安全漏洞
10 Jun 202500:00
cnnvd
cvelist
CVE-2025-27505 GeoServer Missing Authorization on REST API Index
10 Jun 202514:52
cvelist
euvd
EUVD-2025-17687
3 Oct 202520:07
euvd
github
GeoServer Missing Authorization on REST API Index
10 Jun 202519:16
github
nuclei
GeoServer - Missing Authorization on REST API Index
16 Jul 202609:41
nuclei
nvd
CVE-2025-27505
10 Jun 202515:15
nvd
osv
CVE-2025-27505 GeoServer Missing Authorization on REST API Index
10 Jun 202514:52
osv
osv
GHSA-H86G-X8MM-78M5 GeoServer Missing Authorization on REST API Index
10 Jun 202519:16
osv
ptsecurity
PT-2025-24671 · Geoserver · Geoserver
10 Jun 202500:00
ptsecurity
Rows per page
NVD
Vulners
Node
OR
osgeogeoserverRange<2.25.6
osgeogeoserverRange2.26.02.26.3
[
  {
    "vendor": "geoserver",
    "product": "geoserver",
    "versions": [
      {
        "version": ">= 2.26.0, < 2.26.3",
        "status": "affected"
      },
      {
        "version": "< 2.25.6",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
/rest.*pathrest.*Bypasses REST API security and can reveal index/config information via REST endpoint patterns.CWE-862
/rest/**pathrest.*Bypasses REST API security and can reveal index/config information via REST endpoint patterns.CWE-862
/gwc/rest.*pathgwc/rest.*GWC REST filter pattern exposure may allow access to REST/gwc endpoints beyond intended protections.CWE-862
/gwc/rest/**pathgwc/rest.*GWC REST filter pattern exposure may allow access to REST/gwc endpoints beyond intended protections.CWE-862

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:03Current
5.2Medium risk
Vulners AI Score5.2
CVSS 3.15.3
EPSS0.01022
SSVC
92