CVE-2025-59431
published 2025-09-19CVE-2025-59431: MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.39%
30.9th percentile
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mapserver | < mapserver 7.6.2-1+deb11u1 (bullseye) | mapserver 7.6.2-1+deb11u1 (bullseye) |
| mapserver | mapserver | < 8.4.1 | 8.4.1 |
| osgeo | mapserver | — | — |
| osgeo | mapserver | >= 0 < 7.6.2-1+deb11u1 | 7.6.2-1+deb11u1 |
| osgeo | mapserver | >= 0 < 8.4.0-4+deb13u1 | 8.4.0-4+deb13u1 |
| osgeo | mapserver | >= 0 < 8.4.1-1 | 8.4.1-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.9HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv8.9HIGH
vendor_debian8.9HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2025-59431: mapserver - MapServer is a system for developing web-based GIS applications. Prior to 8.4.1,...
vendor_debian·2025·CVSS 8.9
CVE-2025-59431 [HIGH] CVE-2025-59431: mapserver - MapServer is a system for developing web-based GIS applications. Prior to 8.4.1,...
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.
Scope: local
bookworm: open
bullseye: resolved (fixed in 7.6.2-1+deb11u1)
forky: resolved (fixed in 8.4.1-1)
sid: resolved (fixed in 8.4.1-1)
trixie: resolved (fixed in 8.4.0-4+deb13u1)
OSV
CVE-2025-59431: MapServer is a system for developing web-based GIS applications
osv·2025-09-19·CVSS 8.9
CVE-2025-59431 [HIGH] CVE-2025-59431: MapServer is a system for developing web-based GIS applications
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-09-19
Published