HIGH🇵🇱 Wersja polska

CVE-2025-30145

CVSS 7.5v3.1pub. 2025-06-10upd. 2025-08-26

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Osgeo Geoserver

    APP
    Osgeo
    < 2.25.72.26.0 – 2.26.3 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-34711CRITICAL9.3PL ✓ten sam produkt

GeoServer: XXE umożliwiające skanowanie sieci wewnętrznych (SSRF)

CVE-2025-30220CRITICAL9.9PL ✓ten sam produkt

XXE w GeoTools/GeoServer/GeoNetwork — podatność XML External Entity

CVE-2023-25157CRITICAL9.8ten sam produkt

GeoServer is an open source software server written in Java that allows users to share and edit geospatial dat...

CVE-2025-27511HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27....

CVE-2025-52465HIGH7.2ten sam produkt

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26...