CVE-2023-25158

CRITICAL EXPLOITED

GeoTools < 24.7 and 28.0-28.2 - SQL Injection via OGC Filter Execution

Title source: llm

Exploitation Summary

CVE-2023-25158 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary This repository provides a detailed technical analysis of SQL injection vulnerabilities in GeoServer (CVE-2023-25157) and GeoTools (CVE-2023-25158), including affected versions, root causes, and mitigation strategies. It does not contain exploit code but offers in-depth explanations of the vulnerabilities.

Description

GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.

Exploits (1)

vulncheck_xdb WRITEUP

remote

https://github.com/murataydemir/CVE-2023-25157-and-CVE-2023-25158

View Code ZIP pw:eip

This repository provides a detailed technical analysis of SQL injection vulnerabilities in GeoServer (CVE-2023-25157) and GeoTools (CVE-2023-25158), including affected versions, root causes, and mitigation strategies. It does not contain exploit code but offers in-depth explanations of the vulnerabilities.

Classification

Writeup 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Theoretical

Target: GeoServer (< 2.21.4, >= 2.22.0, < 2.22.2) and GeoTools (< 28.2, < 27.4, < 26.7, < 25.7, < 24.7)

No auth needed

Prerequisites: Access to GeoServer or GeoTools with vulnerable configurations

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 25, 2026 Full analysis →

References (2)

Core 2

Core References

Mitigation, Vendor Advisory x_refsource_confirm

https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m

Patch x_refsource_misc

https://github.com/geotools/geotools/commit/64fb4c47f43ca818c2fe96a94651bff1b3b3ed2b

View Patch ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0465

EPSS Percentile 89.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2020-09-22

CWE

CWE-89

Status published

Products (2)

geotools/geotools < 24.7

org.geotools/gt-jdbc 28.0 - 28.2Maven

Published Feb 21, 2023

Tracked Since Feb 18, 2026