{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T11:17:21.745","vulnerabilities":[{"cve":{"id":"CVE-2024-40625","sourceIdentifier":"security-advisories@github.com","published":"2025-06-10T15:15:23.043","lastModified":"2025-08-26T16:22:20.640","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage REST API /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} allows attackers to upload files with a specified URL (with {method} equal to 'url') without restriction. This vulnerability is fixed in 2.26.0."},{"lang":"es","value":"GeoServer es un servidor de código abierto que permite a los usuarios compartir y editar datos geoespaciales. La API REST de Coverage /workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format} permite a los atacantes cargar archivos con una URL específica (donde {method} equivale a 'url') sin restricciones. \nEsta vulnerabilidad se corrigió en la versión 2.26.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osgeo:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.26.0","matchCriteriaId":"D5C620D5-39EE-4F8B-92DA-64E0D62AF802"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-r4hf-r8gj-jgw2","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOS-11468","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOS-11717","source":"security-advisories@github.com","tags":["Permissions Required"]}]}}]}