CVE-2025-27511

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution (RCE).

Impact

If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code.

Details

Authenticated users can access Vector Data Sources page to creating a new data store through db2 jdbc connection, performing JNDI attack due to unrestricted connection parameters, and then achieve RCE with deserialization of untrusted data.

Remediation

This issue has been fixed in this release: https://github.com/geoserver/geoserver/releases/tag/2.27.0.

References

Fix

Deserialization of Untrusted Data

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-74

Related Identifiers

CVE-2025-27511

GHSA-G628-R368-6VH7

Affected Products

Org.Geoserver.Extension:Gs-Db2

CVE-2025-27511

Summary

Impact

Details

Remediation

References

Weakness Enumeration

Related Identifiers

Affected Products

References · 4