PatchSiren cyber security CVE debrief
CVE-2025-52465 geoserver CVE debrief
CVE-2025-52465 is a high-severity vulnerability in GeoServer, an open-source server for sharing and editing geospatial data. An authenticated administrator can pass an arbitrary file name to the Master Password Dump web page and have GeoServer write a file containing the master password in plaintext at that location. The target file must not already exist, and its parent directories must already exist. The issue is fixed in versions 2.26.4 and 2.27.3. GeoServer installations with the web interface disabled or removed are not affected. The CVSS score is 7.2 (high). Administrators should update to a fixed version.
- Vendor: geoserver
- Product: org.geoserver.web:gs-web-app
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-18
- Original CVE updated: 2026-06-22
- Advisory published: 2026-06-18
- Advisory updated: 2026-06-22
Who should care
Administrators of GeoServer installations that expose the web interface should review this vulnerability and update. Although exploitation requires an authenticated administrator account, a compromised or malicious administrator can use it to expose the master password in plaintext, so organizations running GeoServer should treat it as a significant concern.
Technical summary
The vulnerability is in the Master Password Dump web page of GeoServer. An authenticated administrator can supply an arbitrary file name, and GeoServer writes a file containing the master password in plaintext to that path. The target file must be an absolute path, must not already exist, and its parent directories must already exist. The issue was fixed in versions 2.26.4 and 2.27.3. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: reachable over the network with low attack complexity, requiring high privileges and no user interaction, with high impact on confidentiality, integrity and availability, for a high severity rating.
Defensive priority
High
Recommended defensive actions
- Update GeoServer to 2.26.4 (2.26 branch) or 2.27.3 (2.27 branch)
- Disable or remove the web interface where it is not required; installations without it are not affected
- Restrict administrator access to the web interface, including the Master Password Dump page
- Monitor GeoServer hosts for unexpected file creation by the GeoServer process and for unusual administrator activity in the web interface
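A small triage helper for the first two actions above, added here as an example (it is not PatchSiren's or GeoServer's own code). It parses GeoServer version strings, compares them against the fixed releases named in this debrief (2.26.4 and 2.27.3), and classifies each host in a constructed inventory. It assumes, as the page does not state, that branches newer than 2.27 include the fix and branches older than 2.26 do not; the "web interface disabled" rule comes directly from the advisory.

```python
"""Triage a GeoServer inventory against the fixed versions named for CVE-2025-52465."""
import re

# Fixed releases as stated in the advisory: 2.26.4 on the 2.26 branch, 2.27.3 on the 2.27 branch.
FIXED_PATCH_LEVEL = {(2, 26): 4, (2, 27): 3}
NEWEST_FIXED_BRANCH = (2, 27)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) or None if the string is not a plain x.y.z release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def version_is_fixed(version):
    """True if this release contains the fix, False if not, None if unparseable.

    Assumption (not stated on the page): branches newer than 2.27 include the fix,
    and branches older than 2.26 do not.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    branch = (major, minor)
    if branch in FIXED_PATCH_LEVEL:
        return patch >= FIXED_PATCH_LEVEL[branch]
    return branch > NEWEST_FIXED_BRANCH


def triage_host(version, web_ui_enabled):
    """Classify one installation.

    The advisory states that installations with the web interface disabled or
    removed are not affected, so that check comes first.
    """
    if not web_ui_enabled:
        return "not affected (web interface disabled)"
    fixed = version_is_fixed(version)
    if fixed is None:
        return "unknown (unparseable version)"
    return "patched" if fixed else "vulnerable"


def triage_inventory(inventory):
    """Map each host to its status. inventory: iterable of (host, version, web_ui_enabled)."""
    return {host: triage_host(version, ui) for host, version, ui in inventory}


# Constructed sample inventory; host names and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("gis-prod-01", "2.26.2", True),
    ("gis-prod-02", "2.26.4", True),
    ("gis-stage-01", "2.27.1", False),
    ("gis-dev-01", "2.27.3", True),
    ("gis-legacy-01", "2.25.6", True),
    ("gis-new-01", "2.28.0", True),
    ("gis-odd-01", "2.27.x", True),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:14} {status}")
```

Hosts reported as "unknown" have a version string the helper refuses to guess about (snapshots, custom builds) and need a manual check rather than being silently counted as patched.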
Evidence notes
The information above is based on the CVE record and NVD details. The vulnerability was reported and fixed in versions 2.26.4 and 2.27.3. The CVSS score and vector were taken from the NVD database.