CVE Catalog

CVE-2025-27511

HighCVSS 7.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.58%

43th percentile — higher than 43% of all known CVEs

Summary

GeoServer is an open source software that allows users to share and edit geospatial data. In versions prior to 2.27.0 of the DB2 DataStore extension, an administrator could perform a JNDI attack via a specially crafted DB2 jdbc URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes this issue.

Risk Assessment

An attacker could gain remote access to the system, posing a serious threat to the security of the organization's data and infrastructure.

Recommendation

It is recommended to upgrade to version 2.27.0 or later to secure the system against this type of attack.

Original NVD description (English source)

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS