CVE-2024-38524
Published: 2025-06-10


Priority: P3 (41)
Severity: high
CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.37% (29.0th percentile)
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the storage locations that defaults to showing the locations. This vulnerability is fixed in 2.26.2 and 2.25.6.

Affected (4 ranges)

Vendor    | Product   | Version range        | Fixed in
geoserver | geoserver | < 2.25.6             | 2.25.6
geoserver | geoserver |                      |
osgeo     | geoserver | < 2.25.6             | 2.25.6
osgeo     | geoserver | >= 2.26.0 < 2.26.2   | 2.26.2