{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T20:26:58.782","vulnerabilities":[{"cve":{"id":"CVE-2025-21621","sourceIdentifier":"security-advisories@github.com","published":"2025-11-25T22:15:47.227","lastModified":"2025-12-03T16:43:45.223","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting (XSS) vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters. This issue has been patched in version 2.25.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*","versionEndExcluding":"2.25.0","matchCriteriaId":"D74556B8-BDEF-4EC2-98AA-BD99DB2DA4A6"}]}]}],"references":[{"url":"https://github.com/geoserver/geoserver/commit/dc9ff1c726dd73c884437a123b4ad72b19383c7d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/geoserver/geoserver/pull/7406","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/geoserver/geoserver/security/advisories/GHSA-w66h-j855-qr72","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://osgeo-org.atlassian.net/browse/GEOS-11297","source":"security-advisories@github.com","tags":["Issue Tracking"]}]}}]}