GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
History

Tue, 26 Aug 2025 16:15:00 +0000

Values Added
First Time appeared: Osgeo, Osgeo geoserver
CPEs: cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*
Vendors & Products: Osgeo, Osgeo geoserver

Sat, 12 Jul 2025 13:45:00 +0000

Values Removed
Metrics: epss {'score': 0.00049}

Values Added
Metrics: epss {'score': 0.00054}

Tue, 10 Jun 2025 16:15:00 +0000

Values Added
Metrics: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Jun 2025 15:15:00 +0000

Values Added
Description: GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.
Title: GeoServer has an Infinite Loop Vulnerability in Jiffle process
Weaknesses: CWE-835
References:
Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-06-10T15:16:31.100Z

Reserved: 2025-03-17T12:41:42.564Z

Link: CVE-2025-30145

Vulnrichment

Updated: 2025-06-10T15:16:19.470Z

NVD

Status: Analyzed

Published: 2025-06-10T15:15:24.070

Modified: 2025-08-26T16:11:23.463

Link: CVE-2025-30145

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-06-24T09:51:37Z