216.73.216.197

CVE-2025-21621

· Published 25/11/2025 22:15 · Modified 03/12/2025 16:43

Labels: CVE-2025-21621 2025-11-25CVE-2025-21621CWE-79[email protected]

Essential information

Published
25/11/2025 22:15
Modified
03/12/2025 16:43
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. This issue has been patched in version 2.25.0.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
geoserver / geoserver cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*

References