CISA
added 2025/09/23 12:00 p.m.

CISA Releases Advisory on Lessons Learned from an Incident Response Engagement

Today, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response tool. This advisory, CISA Shares Lesson...

CVSS 9.8, AI score 6.9, EPSS 0.99813
In wild, Exploits 25, References 4
The Hacker News
added 2025/08/23 7:38 a.m.

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that are taking advantage of known security vulnerabilities and exposed Redis servers to various malicious activities, including leveraging the compromised devices as IoT botnets, residential proxies, or cryptocurrency mining...

CVSS 9.8, AI score 10, EPSS 0.99813
Exploits 25
VulnCheck KEV
added 2025/07/31 12:00 a.m.

VulnCheck KEV: CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2, AI score 5.8, EPSS 0.01923
In wild, Exploits 0, References 2
VulnCheck KEV
added 2025/07/22 12:00 a.m.

VulnCheck KEV: CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. The GeoTools Schema class's use of the Eclipse XSD library to represent schema data structures is vulnerable to an XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9, AI score 5.8, EPSS 0.49165
In wild, Exploits 1, References 64
VulnCheck KEV
added 2025/07/21 12:00 a.m.

VulnCheck KEV: CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths, but not rest with an extension, e.g., rest.html. The REST API index can...

CVSS 5.3, AI score 5.8, EPSS 0.01022
In wild, Exploits 0, References 68
NCSC
added 2025/06/18 10:17 a.m.

Vulnerability fixed in GeoServer

GeoServer developers have fixed a vulnerability in GeoServer 2.27.0, 2.26.2, 2.25.6, GeoTools 33.0, 32.2, 31.6, 28.6.0 and GeoNetwork 4.4.7, 4.2.12. The vulnerability is located in the Eclipse XSD library. The vulnerability allows unauthenticated attackers to potentially execute code and access...

CVSS 9.9, AI score 7.4, EPSS 0.49165
Exploits 1, References 3
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, and can enter an infinite loop to trigger denial of service. This...

CVSS 7.5, AI score 7.3, EPSS 0.00432
Exploits 0, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths, but not rest with an extension, e.g., rest.html. The REST API index can...

CVSS 5.3, AI score 5.1, EPSS 0.01022
Exploits 0, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. The GeoTools Schema class's use of the Eclipse XSD library to represent schema data structures is vulnerable to an XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

CVSS 9.9, AI score 9.1, EPSS 0.49165
Exploits 1, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/workspaceName/coveragestores/storeName/method.format allows attackers to upload files from a specified URL when the method equals 'url', with no restriction. This vulnerability is fix...

CVSS 5.5, AI score 5.3, EPSS 0.00311
Exploits 0, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the...

CVSS 8.2, AI score 7.5, EPSS 0.01923
Exploits 0, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users, except for a hidden system property to hide the...

CVSS 7.5, AI score 4.9, EPSS 0.00372
Exploits 1, References 1
RedhatCVE
added 2025/06/12 3:21 p.m.

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform an XML External Entity (XXE) attack and then send a GET request to any HTTP server. By default, GeoServer use...

CVSS 9.3, AI score 9.2, EPSS 0.00262
Exploits 0, References 1
OSV
added 2025/06/10 8:17 p.m.

GHSA-68CF-J696-WVV9 GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx

Summary: Missing checks allow for SSRF to specific targets using the TestWfsPost endpoint. Mitigation: To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request. thomsmith...

CVSS 7.5, AI score 7.1
Exploits 0, References 3
Github Security Blog
added 2025/06/10 8:17 p.m.

GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx

Summary: Missing checks allow for SSRF to specific targets using the TestWfsPost endpoint. Mitigation: To manage the proxy base value as a system administrator, use the parameter PROXYBASEURL to provide a non-empty value that cannot be overridden by the user interface or incoming request. thomsmith...

CVSS 8.2, AI score 7.5, EPSS 0.01923
Exploits 0, References 3, Affected Software 1
OSV
added 2025/06/10 8:10 p.m.

GHSA-JJ54-8F66-C5PC [XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service

Summary: The GeoServer Web Feature Service (WFS) web service was found to be vulnerable to the GeoTools CVE-2025-30220 XML External Entity (XXE) processing attack. It is possible to trigger the parsing of external DTDs and entities, bypassing standard entity resolvers. This allows for Out-of-Band (OOB) data...

CVSS 8.2, AI score 6.8, EPSS 0.49165
Exploits 1, References 9
Github Security Blog
added 2025/06/10 8:10 p.m.

[XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service

Summary: The GeoServer Web Feature Service (WFS) web service was found to be vulnerable to the GeoTools CVE-2025-30220 XML External Entity (XXE) processing attack. It is possible to trigger the parsing of external DTDs and entities, bypassing standard entity resolvers. This allows for Out-of-Band (OOB) data...

CVSS 9.9, AI score 9.2, EPSS 0.49165
Exploits 1, References 9, Affected Software 2
OSV
added 2025/06/10 7:44 p.m.

GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process

Summary: Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, and can enter an infinite loop to trigger denial of service. Details: The Jiffle language supports multiple loop constructs that will cause its code block...

CVSS 7.5, AI score 7.1, EPSS 0.00432
Exploits 0, References 5
Github Security Blog
added 2025/06/10 7:44 p.m.

GeoServer Infinite Loop Vulnerability in Jiffle process

Summary: Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, and can enter an infinite loop to trigger denial of service. Details: The Jiffle language supports multiple loop constructs that will cause its code block...

CVSS 7.5, AI score 7.5, EPSS 0.00432
Exploits 0, References 5, Affected Software 3
OSV
added 2025/06/10 7:16 p.m.

GHSA-H86G-X8MM-78M5 GeoServer Missing Authorization on REST API Index

Summary: It is possible to bypass the default REST API security and access the index page. Details: The REST API security handles rest and its subpaths, but not rest with an extension, e.g., rest.html. Impact: The REST API index can disclose whether certain extensions are installed. Workaround: In...

CVSS 5.3, AI score 7.2, EPSS 0.01022
Exploits 0, References 6