GCVE-VVD-NCSC-2025-197

Advisory PublishedCVSS 9.9/10

Vulnetix · Advisory published June 18, 2025

De ontwikkelaars van GeoServer hebben een kwetsbaarheid verholpen in GeoServer < 2.27.0, < 2.26.2, < 2.25.6, GeoTools < 33.0, < 32.2, < 31.6, < 28.6.0 en GeoNetwork < 4.4.7, < 4..2.12.

Download JSON Open in Console

Weaknesses (CWE)

CWE-611Improper Restriction of XML External Entity Reference

Risk Scores

CVSS 3.1

9.9/10

Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Affected Products

Vendor	Product	Versions	Platforms
GeoTools	vers:unknown/*	—	—
GeoServer	vers:unknown/2.26.2	—	—
GeoServer	vers:unknown/<2.25.6	—	—

Aliases

CVE-2025-30220

Transitive aliases

CVE-2024-29198 GHSA-gr67-pwcv-76gf GSD-2024-29198 EUVD-2024-26218 EUVD-2025-17683 GHSA-jj54-8f66-c5pc NCSC-2025-0197 GHSA-2p76-gc46-5fvc BDU:2025-10403 WID-SEC-W-2025-1294 CVE-2025-30145 GHSA-5gw5-jccf-6hxw VVD-ANCHORE-2024-29198 VVD-ANCHORE-2025-30145 BDU:2025-10404 GHSA-826p-4gcg-35vw VVD-ANCHORE-2025-30220

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON