PT-2026-49054 · Maven · org.geoserver.web:gs-web-app +1

Published: 2026-06-12 · Updated: 2026-06-12 · CVE-2025-58175

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

Summary

A GeoServer instance that uses the ENTITY RESOLUTION ALLOWLIST may allow an attacker to perform unauthenticated Server-Side Request Forgery (SSRF).

Details

This vulnerability requires that GeoServer is set up to use a proxy base URL and the ENTITY RESOLUTION ALLOWLIST (default since 2.25.0):

Impact

This vulnerability allows an attacker to cause GeoServer to make requests to an unintended location.

Workaround

GeoServer installations are only affected by this vulnerability if they use a proxy base URL that neither contains a URL path nor ends with a slash (e.g., https://somesite.org instead of https://somesite.org/ or https://somesite.org/geoserver). If the proxy base URL does not contain a path, adding a slash to the end of the URL mitigates this vulnerability.
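To audit a deployment against the criterion above, the following Python helper (added here, not GeoServer code) classifies a configured proxy base URL as affected or not and proposes the mitigated form; the sample URLs are the advisory's examples plus one constructed URL with a port.

```python
from urllib.parse import urlsplit


def assess_proxy_base_url(url: str) -> dict:
    """Classify a GeoServer proxy base URL per the advisory's workaround.

    Affected:     no path at all, e.g. https://somesite.org
    Not affected: ends with a slash or carries a path,
                  e.g. https://somesite.org/ or https://somesite.org/geoserver
    Returns a dict with 'affected' (True/False/None), 'reason' and 'mitigated'.
    """
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.netloc:
        # Not an absolute URL; cannot judge, so flag for manual review.
        return {"url": url, "affected": None,
                "reason": "not an absolute URL", "mitigated": None}
    if parts.query or parts.fragment:
        # A proxy base URL should carry neither; flag rather than guess.
        return {"url": url, "affected": None,
                "reason": "unexpected query or fragment", "mitigated": None}
    if parts.path == "":
        # Bare scheme://host[:port] with no trailing slash: the affected case.
        return {"url": url, "affected": True,
                "reason": "no path and no trailing slash",
                "mitigated": f"{parts.scheme}://{parts.netloc}/"}
    return {"url": url, "affected": False,
            "reason": "has a path or trailing slash", "mitigated": url}


def affected_urls(urls) -> list:
    """Return only those configured URLs that need the trailing-slash mitigation."""
    return [u for u in urls if assess_proxy_base_url(u)["affected"] is True]


if __name__ == "__main__":
    # Constructed sample: the advisory's examples plus a host with an explicit port.
    sample = ["https://somesite.org", "https://somesite.org/",
              "https://somesite.org/geoserver", "https://somesite.org:8443"]
    for u in sample:
        r = assess_proxy_base_url(u)
        print(f"{u:35} affected={r['affected']!s:5} -> {r['mitigated']}")
```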

Resources

Credits:

  • Le Mau Anh Phong at Verichains Cyber Force

Fix · RCE · XXE · SSRF

Weakness Enumeration

Related Identifiers

CVE-2025-58175
GHSA-X4R9-GMW3-HXWW

Affected Products

org.geoserver.web:gs-web-app
org.geoserver:gs-main