CVE-2025-27505: GeoServer Missing Authorization on REST API Index
It is possible to bypass the default REST API security and access the index page.
References
- github.com/advisories/GHSA-h86g-x8mm-78m5
- github.com/geoserver/geoserver
- github.com/geoserver/geoserver/pull/8170
- github.com/geoserver/geoserver/security/advisories/GHSA-h86g-x8mm-78m5
- nvd.nist.gov/vuln/detail/CVE-2025-27505
- osgeo-org.atlassian.net/browse/GEOS-11664
- osgeo-org.atlassian.net/browse/GEOS-11776