CVE-2025-58175 is a medium-severity vulnerability in GeoServer, an open-source server for sharing and editing geospatial data. The vulnerability allows unauthenticated Server-Side Request Forgery (SSRF) attacks, which can be exploited if GeoServer is set up to use a proxy base URL and the ENTITY_RESOLUTION_ALLOWLIST feature. This feature is enabled by default since version 2.25.0. The vulnerability affects [truncated]
CVE-2025-52465 is a high-severity vulnerability in GeoServer, an open-source server for sharing and editing geospatial data. Authenticated administrators can exploit this vulnerability to create files containing the master password in plaintext by passing arbitrary file names to the Master Password Dump web page. The target file must not already exist, and its parent directories must already exist. This v [truncated]
CVE-2025-27511 is a high-severity vulnerability in GeoServer's DB2 DataStore Extension. An administrator can perform a JNDI attack through a specially crafted DB2 jdbc URL, leading to Remote Code Execution (RCE). The issue was fixed in version 2.27.0 of the extension. Organizations using affected versions should upgrade immediately. This vulnerability has a CVSS score of 7.2 and is considered HIGH severit [truncated]