ГлавнаяУязвимости → CVE-2025-27511
7.2высокая

CVE-2025-27511

Описание

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

Затрагиваемое ПО
Osgeo Geoserver
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/geoserver/geoserver/releases/tag/2.27.0https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7https://nvd.nist.gov/vuln/detail/cve-2023-27867https://osgeo-org.atlassian.net/browse/GEOT-7725