CVE-2025-52465

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web pa...

CVE-2025-52465

GeoServer has an arbitrary file write vulnerability (CVE-2025-52465) in the Master Password Dump page. Before versions 2.26.4 and 2.27.3, an authenticated administrator with access to GeoServer’s security system can pass an absolute path as the target file name to the Master Password Dump page, c...

GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

PT-2026-49053

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description An authenticated administrator with access to the security system can provide arbitrary absolute file paths to the Master Password Dump web page to create files...