CVE-2024-40625
Published 2025-06-10
Priority P4 · 27 · medium · 4.9 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.31% (22.8th percentile)
GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API endpoint /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} lets a caller make the server fetch a coverage file from an arbitrary, unrestricted URL when {method} is 'url' (server-side request forgery, CWE-918). The CVSS vector rates privileges required as High, so the caller needs an existing privileged account. This vulnerability is fixed in 2.26.0.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geoserver | geoserver | < 2.26.0 | 2.26.0 |
| osgeo | geoserver | < 2.26.0 | 2.26.0 |
GHSA
Coverage REST API Server Side Request Forgery
ghsa·2025-06-10
CVE-2024-40625 [MEDIUM] CWE-918 Coverage REST API Server Side Request Forgery
### Summary
The Coverage REST API `/workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}` lets a client upload a file from a specified URL (when `{method}` is `url`) without restriction.
### Details
The Coverage REST API `/workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}` lets a client upload a file from a specified URL (when `{method}` is `url`). The supplied URL is not validated by the [URL Checks feature](https://docs.geoserver.org/latest/en/user/security/urlchecks.html#url-checks), so the server fetches whatever location the caller names.
For example, the URL should be confirmed against the configured URL checks before it is fetched, by adding a call such as:
```java
// Throws URLCheckerException when no enabled URL check accepts the location.
URLCheckers.confirm(fileURL);
```
The vulnerable code was [RESTUtils.java](https://github.com/geoserver/geoserver/blob/main/src/rest/src/main/java/org/geoserver/rest/u
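The check the advisory says is missing, shown as an added example in Python rather than the project's own Java: a model of the coverage store upload handler with and without an allow-list URL check, so the pre-2.26.0 behaviour and the fixed behaviour can be compared side by side. This is not GeoServer code. `confirm`, `is_permitted`, `coverage_store_upload`, the `ALLOW` pattern and the policy the check enforces (an absolute http(s) URL that fully matches a configured regular expression) are assumptions made for illustration, loosely following the documented regex-based URL Checks feature.

```python
import re
from urllib.parse import urlsplit

# Added example (not GeoServer code): a Python model of the allow-list check
# that GeoServer's URL Checks feature applies to locations the server will
# fetch on a client's behalf, wired into a model of the coverage store
# upload handler. Function and variable names are invented for illustration.


class URLCheckError(ValueError):
    """Raised when a location is rejected by the URL checks."""


def confirm(location: str, allow_patterns: list[str]) -> str:
    """Return `location` if it passes the checks, else raise URLCheckError.

    Policy modelled here (an assumption about the feature, not a quote of it):
    the location must parse as an absolute http(s) URL and must fully match
    at least one configured regular expression. file:// and other schemes,
    and any host not covered by a pattern, are rejected.
    """
    parts = urlsplit(location)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise URLCheckError(f"not an http(s) URL: {location!r}")
    for pattern in allow_patterns:
        if re.fullmatch(pattern, location):
            return location
    raise URLCheckError(f"no URL check permits {location!r}")


def is_permitted(location: str, allow_patterns: list[str]) -> bool:
    """Boolean convenience wrapper around confirm()."""
    try:
        confirm(location, allow_patterns)
        return True
    except URLCheckError:
        return False


def coverage_store_upload(method: str, body: str, allow_patterns: list[str],
                          apply_url_checks: bool = True) -> tuple[str, str]:
    """Model of PUT /workspaces/{ws}/coveragestores/{store}/{method}.{format}.

    Per the GeoServer REST docs the method selects where the data comes from:
    'file' (raw bytes in the request body), 'external' (a path on the server)
    or 'url' (the body is a URL the server fetches itself). The 'url' case is
    the SSRF surface; apply_url_checks=False reproduces the pre-2.26.0
    behaviour described in the advisory, where the URL is never confirmed.
    Instead of performing I/O, the function returns the action it would take.
    """
    target = body.strip()
    if method == "url":
        if apply_url_checks:
            target = confirm(target, allow_patterns)  # the call the fix adds
        return ("fetch", target)
    if method == "file":
        return ("store-uploaded-bytes", target)
    if method == "external":
        return ("reference-server-path", target)
    raise ValueError(f"unknown upload method {method!r}")


# Constructed allow-list: only the organisation's own data host may be fetched.
ALLOW = [r"https://data\.example\.org/.*"]

if __name__ == "__main__":
    for body, checks in [("https://data.example.org/dem.tif", True),
                         ("http://169.254.169.254/latest/meta-data/", False),
                         ("http://169.254.169.254/latest/meta-data/", True)]:
        try:
            print(checks, coverage_store_upload("url", body, ALLOW, checks))
        except URLCheckError as e:
            print(checks, "rejected:", e)
```

With `apply_url_checks=False` the cloud metadata address comes back as a fetch target, which is the behaviour the advisory describes; with checks on it is rejected before any network call, as are `file://` locations and hosts that merely start with the allowed name. The regex is anchored with `fullmatch` deliberately: a `search`-style match would let `https://data.example.org/` appear anywhere in an attacker-chosen URL.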
OSV
Coverage REST API Server Side Request Forgery
osv·2025-06-10
CVE-2024-40625 [MEDIUM] Coverage REST API Server Side Request Forgery
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
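No detection rule is indexed for this CVE. As an added example, not a vendor or community rule, the following Python triages combined-format web access logs for PUT requests to the advisory's endpoint that use the `url` method, and checks a reported version against the 2.26.0 fix. The log lines are constructed samples; the `/geoserver/rest` context path, the field layout, and the `triage`, `is_affected` and `Hit` names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Added example (not a GeoServer or vendor detection rule): triage of web
# access logs for the advisory's endpoint, plus a version check against the
# fixed release. The log lines are constructed samples in Apache/Tomcat
# combined format; the field names and class are invented for illustration.

# Path shape from the advisory: /workspaces/{ws}/coveragestores/{store}/{method}.{format}
COVERAGE_UPLOAD = re.compile(
    r"^/geoserver/rest/workspaces/(?P<ws>[^/]+)/coveragestores/"
    r"(?P<store>[^/]+)/(?P<method>[^/.]+)\.(?P<fmt>[^/]+)$")

# host ident user [timestamp] "VERB path protocol" status ...
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


class Hit(NamedTuple):
    ts: str
    src: str
    user: str
    verb: str
    workspace: str
    store: str
    status: int


def triage(lines):
    """Return the requests that used the 'url' upload method.

    Only the 'url' method makes the server fetch a caller-chosen location, so
    'file' and 'external' uploads and plain reads of the store are skipped.
    The documented verb is PUT; POST is kept in case a front end rewrites it.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # drop a query string such as ?configure=none
        p = COVERAGE_UPLOAD.match(path)
        if not p or p["method"] != "url" or m["verb"] not in ("PUT", "POST"):
            continue
        hits.append(Hit(m["ts"], m["src"], m["user"], m["verb"],
                        p["ws"], p["store"], int(m["status"])))
    return hits


def is_affected(version: str) -> bool:
    """True for GeoServer versions below 2.26.0, the fixed release in the advisory."""
    nums = [int(x) for x in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums) < (2, 26, 0)


# Constructed sample log: two 'url' uploads (one from an unexpected source
# address that failed), one 'file' upload and one read of store metadata.
SAMPLE_LOG = """\
10.0.0.5 - admin [10/Jun/2025:09:14:02 +0000] "PUT /geoserver/rest/workspaces/topp/coveragestores/dem/url.geotiff HTTP/1.1" 201 0 "-" "curl/8.5.0"
10.0.0.5 - admin [10/Jun/2025:09:15:40 +0000] "PUT /geoserver/rest/workspaces/topp/coveragestores/dem/file.geotiff HTTP/1.1" 201 0 "-" "curl/8.5.0"
198.51.100.7 - admin [10/Jun/2025:09:20:11 +0000] "PUT /geoserver/rest/workspaces/topp/coveragestores/scratch/url.geotiff?configure=none HTTP/1.1" 500 0 "-" "python-requests/2.32.3"
10.0.0.9 - - [10/Jun/2025:09:21:00 +0000] "GET /geoserver/rest/workspaces/topp/coveragestores/dem.json HTTP/1.1" 200 812 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
    print("2.25.3 affected:", is_affected("2.25.3"))
```

An access log records the path, so it shows that the `url` method was used, but not the request body that carries the URL the server then fetched; a hit therefore identifies a request to inspect further (source address, account, outcome) rather than proving a hostile target. Because the endpoint needs a privileged account, a hit from an unfamiliar source address or under an account that does not normally manage coverage stores is the signal worth chasing.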