CVE-2025-52465 | geoserver org.geoserver.web:gs-web-app up to 2.26.3/2.27.2 Web Interface file inclusion (GHSA-7qmg-grcp-qf25)

Inserito da Angelo Barbosa | Giu 18, 2026 | CVE

A vulnerability, which was classified as problematic, was found in geoserver org.geoserver.web:gs-web-app and org.geoserver.web:gs-web-sec-core up to 2.26.3/2.27.2. Impacted is an unknown function of the component Web Interface. The manipulation results in file inclusion.

This vulnerability is cataloged as CVE-2025-52465. The attack may be launched remotely. Furthermore, there is an exploit available.

You should upgrade the affected component.

CVE-2025-52465 | geoserver org.geoserver.web:gs-web-app up to 2.26.3/2.27.2 Web Interface file inclusion (GHSA-7qmg-grcp-qf25)

Post correlati

CVE-2024-53261 | sveltejs kit up to 2.8.2 index.js cross site scripting

CVE-2026-0824 | questdb ui up to 1.11.9 Web Console cross site scripting

CVE-2024-13117 | Social Share Buttons Plugin up to 2.7 on WordPress path traversal

CVE-2025-0905 | Tracker Software PDF-XChange Editor JB2 File Parser out-of-bounds