| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
| CVE-2025-27505 | 10 Jul 202520:15 | – | circl | |
| GeoServer 安全漏洞 | 10 Jun 202500:00 | – | cnnvd | |
| CVE-2025-27505 | 10 Jun 202514:52 | – | cve | |
| CVE-2025-27505 GeoServer Missing Authorization on REST API Index | 10 Jun 202514:52 | – | cvelist | |
| EUVD-2025-17687 | 3 Oct 202520:07 | – | euvd | |
| GeoServer Missing Authorization on REST API Index | 10 Jun 202519:16 | – | github | |
| CVE-2025-27505 | 10 Jun 202515:15 | – | nvd | |
| CVE-2025-27505 GeoServer Missing Authorization on REST API Index | 10 Jun 202514:52 | – | osv | |
| GHSA-H86G-X8MM-78M5 GeoServer Missing Authorization on REST API Index | 10 Jun 202519:16 | – | osv | |
| PT-2025-24671 · Geoserver · Geoserver | 10 Jun 202500:00 | – | ptsecurity |
| Source | Link |
|---|---|
| geoserver | www.geoserver.org/ |
| geoserver | www.geoserver.org/vulnerability/2025/06/10/cve-disclosure.html |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2025-27505 |
id: CVE-2025-27505
info:
name: GeoServer - Missing Authorization on REST API Index
author: securitytaters
severity: medium
description: |
GeoServer contains a missing authorization vulnerability that allows unauthorized access to the REST API Index page, potentially exposing sensitive configuration information.
impact: |
Unauthenticated users can access the GeoServer REST API Index page, potentially exposing sensitive configuration information and available API endpoints.
remediation: |
Upgrade to the latest GeoServer version that implements proper authorization checks for the REST API Index page.
reference:
- http://geoserver.org/
- https://geoserver.org/vulnerability/2025/06/10/cve-disclosure.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-27505
classification:
epss-score: 0.01022
epss-percentile: 0.59276
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2025-27505
cwe-id: CWE-862
cpe: cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
fofa-query: app="geoserver"
shodan-query: http.title:"geoserver"
vendor: osgeo
product: geoserver
tags: cve,cve2025,geoserver,misconfig,osgeo,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/rest.html"
- "{{BaseURL}}/geoserver/rest.html"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Geoserver Configuration API"
- type: word
part: body
words:
- "about/status"
- type: status
status:
- 200
# digest: 490a00463044022004821005ae2852441059592c64071ee1363764007e98fcb6be43be5a6297c3100220023406e97dd5ccf5ce7ac3760ba804018407dcd4495101da814356c664d53fc8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation