CVE-2025-27511
HighCVSS 7.2Exploitation Probability (EPSS)
Low risk43th percentile — higher than 43% of all known CVEs
Summary
GeoServer is an open source software that allows users to share and edit geospatial data. In versions prior to 2.27.0 of the DB2 DataStore extension, an administrator could perform a JNDI attack via a specially crafted DB2 jdbc URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes this issue.
Risk Assessment
An attacker could gain remote access to the system, posing a serious threat to the security of the organization's data and infrastructure.
Recommendation
It is recommended to upgrade to version 2.27.0 or later to secure the system against this type of attack.
Original NVD description (English source)
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

