PT-2025-38619 · Mapserver+1

Alwin Warringa · Published 2025-09-18 · Updated 2025-10-17 · CVE-2025-59431

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MapServer versions prior to 8.4.1

Description

MapServer, a system for developing web-based GIS applications, contains a flaw in the XML Filter Query directive PropertyName. The PropertyName directive is susceptible to Boolean-based SQL injection due to bypassed expression checking when double quote characters are introduced. This allows manipulation of backend database queries.

Recommendations

Update to MapServer version 8.4.1 or later.

Exploit

Fix

Weakness Enumeration

SQL injection

Related Identifiers

BDU:2025-13240
CVE-2025-59431
GHSA-256M-RX4H-R55W

Affected Products

Debian
Mapserver