CVE-2025-27511

Sažetak

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

Reference

https://github.com/geoserver/geoserver/releases/tag/2.27.0
https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7
https://nvd.nist.gov/vuln/detail/cve-2023-27867
https://osgeo-org.atlassian.net/browse/GEOT-7725

CVSS

Base:	7.2
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

18-06-2026 - 18:04

Objavljeno

18-06-2026 - 16:16