CVE-2025-27511 - Vulnerability Details - OpenCVE

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

No data.

References

Link	Providers
https://github.com/geoserver/geoserver/releases/tag/2.27.0
https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7
https://nvd.nist.gov/vuln/detail/cve-2023-27867
https://osgeo-org.atlassian.net/browse/GEOT-7725

History

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
Title		GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
Weaknesses		CWE-502 CWE-74
References		https://github.com/geoserver/geoserver/releases/tag/2.27.0 https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7 https://nvd.nist.gov/vuln/detail/cve-2023-27867 https://osgeo-org.atlassian.net/browse/GEOT-7725
Metrics		cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-18T14:23:01.788Z

Updated: 2026-06-18T15:57:10.555Z

Reserved: 2025-02-26T18:11:52.306Z

Link: CVE-2025-27511

Vulnrichment

Updated: 2026-06-18T15:57:06.841Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-27511", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-02-26T18:11:52.306Z", "datePublished": "2026-06-18T14:23:01.788Z", "dateUpdated": "2026-06-18T15:57:10.555Z"}, "containers": {"cna": {"title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection", "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "lang": "en", "description": "CWE-502: Deserialization of Untrusted Data", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7"}, {"name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0"}, {"name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867", "tags": ["x_refsource_MISC"], "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867"}, {"name": "https://osgeo-org.atlassian.net/browse/GEOT-7725", "tags": ["x_refsource_MISC"], "url": "https://osgeo-org.atlassian.net/browse/GEOT-7725"}], "affected": [{"vendor": "geoserver", "product": "org.geoserver.extension:gs-db2", "versions": [{"version": "< 2.27.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-18T14:23:01.788Z"}, "descriptions": [{"lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."}], "source": {"advisory": "GHSA-g628-r368-6vh7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T15:56:02.593342Z", "id": "CVE-2025-27511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T15:57:10.555Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-18T15:56:02.593342Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T15:57:06.841Z"}}], "cna": {"title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection", "source": {"advisory": "GHSA-g628-r368-6vh7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "geoserver", "product": "org.geoserver.extension:gs-db2", "versions": [{"status": "affected", "version": "< 2.27.0"}]}], "references": [{"url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7", "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0", "name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0", "tags": ["x_refsource_MISC"]}, {"url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867", "name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867", "tags": ["x_refsource_MISC"]}, {"url": "https://osgeo-org.atlassian.net/browse/GEOT-7725", "name": "https://osgeo-org.atlassian.net/browse/GEOT-7725", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-18T14:23:01.788Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27511", "state": "PUBLISHED", "dateUpdated": "2026-06-18T15:57:10.555Z", "dateReserved": "2025-02-26T18:11:52.306Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-18T14:23:01.788Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}