Geoserver Security Vulnerabilities and Issues — Geoserver CVE List

Lucene search

OsgeoGeoserver

7 matches found

CVE•added 2025/06/10 4:15 p.m.•100 views

CVE-2025-30220

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in pa...

9.9CVSS9.3AI score0.08952EPSS

In wild

CVE•added 2025/06/10 3:15 p.m.•67 views

CVE-2024-29198

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It possible to achieve Service Side Request Forgery (SSRF) via the Demo request endpoint if Proxy Base URL has not been set. Upgrading to GeoServer 2.24.4, or 2.25.2, removes the TestWfs...

8.2CVSS7.5AI score0.08781EPSS

CVE•added 2025/06/10 3:15 p.m.•65 views

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerabil...

5.5CVSS5.3AI score0.0005EPSS

Web

CVE•added 2025/06/10 3:15 p.m.•51 views

CVE-2024-34711

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities (XEE) attack, then send GET request to any HTTP server. By default, GeoServer use PreventLoc...

9.3CVSS9.2AI score0.00045EPSS

CVE•added 2025/06/10 3:15 p.m.•50 views

CVE-2024-38524

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the st...

7.5CVSS5AI score0.00046EPSS

CVE•added 2025/06/10 3:15 p.m.•44 views

CVE-2025-27505

GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disc...

5.3CVSS5.2AI score0.00959EPSS

CVE•added 2025/06/10 3:15 p.m.•36 views

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerabi...

7.5CVSS7.3AI score0.00056EPSS