CVE-2024-40625
MEDIUMGeoServer < 2.26.0 - Server-Side Request Forgery via Coverage REST API
Title source: llmDescription
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_confirm
https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2
Issue Tracking, Patch x_refsource_misc
https://osgeo-org.atlassian.net/browse/GEOS-11468
Permissions Required x_refsource_misc
https://osgeo-org.atlassian.net/browse/GEOS-11717
Scores
CVSS v3
5.5
EPSS
0.0031
EPSS Percentile
22.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (3)
org.geoserver/gs-rest
0 - 2.26.0Maven
org.geoserver.web/gs-web-app
0 - 2.26.0Maven
osgeo/geoserver
< 2.26.0
Published
Jun 10, 2025
Tracked Since
Feb 18, 2026