What is CVE-2025-30145?

CVE-2025-30145 is a high-severity vulnerability in Geoserver, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 7.5/10. Published 2025-06-10.

How severe is CVE-2025-30145?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Geoserver

CVE-2025-30145

GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter a…

EPSS: 0.002 (38.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Geoserver — versions >= 2.26.0, < 2.26.3, < 2.25.7

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

https://github.com/geoserver/geoserver/security/advisories/GHSA-gr67-pwcv-76gf (x_refsource_CONFIRM)
https://github.com/geosolutions-it/jai-ext/pull/307 (x_refsource_MISC)
https://osgeo-org.atlassian.net/browse/GEOS-11778 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-30145?: CVE-2025-30145 is a high-severity vulnerability in Geoserver, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 7.5/10. Published 2025-06-10.
How severe is CVE-2025-30145?: High severity. CVSS v3 base score is 7.5 out of 10.