cvedb.io
CVE-2025-30145
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-06-10T15:15:24.070 · Last modified 2026-06-17T09:08:14.830

Summary

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. This vulnerability is fixed in 2.27.0, 2.26.3, and 2.25.7. This vulnerability can be mitigated by disabling WMS dynamic styling and the Jiffle process.

Affected products

osgeo — geoserver

Does this affect you?

Add your gear to cvedb and we'll alert you only when osgeo ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.