CVE-2024-40625

| EUVD-2025-17667 MEDIUM
2025-06-10 [email protected] GHSA-r4hf-r8gj-jgw2
5.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
EUVD ID Assigned
Mar 14, 2026 - 19:49 euvd
EUVD-2025-17667
Analysis Generated
Mar 14, 2026 - 19:49 vuln.today
Patch Released
Mar 14, 2026 - 19:49 nvd
Patch available
CVE Published
Jun 10, 2025 - 15:15 nvd
MEDIUM 5.5

Tags

SSRF Geoserver

Description

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.

Analysis

GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified url (with {method} equals 'url') with no restrict. This vulnerability is fixed in 2.26.0.

Technical Context

Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).

Affected Products

Affected products: Osgeo Geoserver

Remediation

A vendor patch is available — apply it immediately. Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +28
POC: 0

Share

CVE-2024-40625 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy