Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-40625

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.

Published

2025-06-10T15:15:23.043

Last Modified

2025-08-26T16:22:20.640

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	osgeo	geoserver	< 2.26.0	Yes

References

https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2 Third Party Advisory ([email protected])
https://osgeo-org.atlassian.net/browse/GEOS-11468 Issue Tracking, Patch ([email protected])
https://osgeo-org.atlassian.net/browse/GEOS-11717 Permissions Required ([email protected])