GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Osgeo
Osgeo geoserver |
|
CPEs | cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:* | |
Vendors & Products |
Osgeo
Osgeo geoserver |
Sat, 12 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 10 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Jun 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0. | |
Title | GeoServer Coverage REST API Allows Server Side Request Forgery | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-06-10T14:55:09.694Z
Reserved: 2024-07-08T16:13:15.510Z
Link: CVE-2024-40625

Updated: 2025-06-10T14:55:05.236Z

Status : Analyzed
Published: 2025-06-10T15:15:23.043
Modified: 2025-08-26T16:22:20.640
Link: CVE-2024-40625

No data.

Updated: 2025-06-24T09:51:40Z