VDB
NCSC-2025-197
NCSC-2025-197
PUBLISHED
CVSS 9.899999618530273 CRITICAL
De kwetsbaarheid bevindt zich in de Eclipse XSD library. De kwetsbaarheid stelt ongeauthenticeerde aanvallers in staat om mogelijke code executie en toegang tot gevoelige bestanden via het injecteren van XML code.
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GeoServer | vers:unknown/2.26.2 | |
| GeoServer | vers:unknown/<2.25.6 | |
| GeoTools | vers:unknown/* |
Timeline
- Jun 18, 2025 CVE Published
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
- Mar 20, 2026 Security Advisory
References
- https://advisories.ncsc.nl/csaf/v2/2025/ncsc-2025-0197.json advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-30220 advisory
- https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-30220 advisory
- https://github.com/geotools/geotools/security/advisories/GHSA-826p-4gcg-35vw advisory
- https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-30220.json advisory