Geoserver Org.Geoserver.Web Gs-Web-App vulnerabilities
2 known vulnerabilities affecting geoserver/org.geoserver.web_gs-web-app.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2025-58175 | P3 | HIGH | CVSS 8.2 | CWE-20 | fixed in 2.26.4 | versions >= 2.27.0, < 2.27.3 | 2026-06-18
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow an attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RE
Source: NVD
CVE-2025-52465 | P3 | HIGH | CVSS 7.2 | CWE-73 | fixed in 2.26.4 | versions >= 2.27.0, < 2.27.3 | 2026-06-18
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in pla
Source: NVD