CVSS 7.2 HIGH Vulnerability

CVE-2025-27511: GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection


CVSS Score: 7.2
Severity: HIGH
CISA KEV: No
Impact Type: Vulnerability

📋 Vulnerability Details

CVE ID: CVE-2025-27511
Vendor: maven
Affected Product: org.geoserver.extension:gs-db2
Vulnerability Type: Vulnerability
CVSS Score: 7.2 (HIGH)
Actively Exploited: ❌ No known exploitation
Patch Status: See Vendor Advisory
Reported By: CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis


Summary: An administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE).

Impact: If GeoServer has the DB2 extension installed, this vulnerability can lead to arbitrary code execution.

Details: Authenticated users can open the Vector Data Sources page and create a new data store through a DB2 JDBC connection. Because the connection parameters are unrestricted, this allows a JNDI attack, which then leads to RCE through deserialization of untrusted data.

Remediation: This issue has been fixed in this release: https://github.com/geoserver/geoserver/releases/tag/2.27.0
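
The root cause named above is unrestricted connection parameters, so a defensive check is to accept only DB2 JDBC URLs whose driver properties are on an explicit allowlist. The following is an added example, not GeoServer's code and not the upstream fix; it assumes the store's connection settings are available as a single `jdbc:db2://` URL, and the allowlist contents, function name and sample hosts are assumptions chosen for illustration.

```python
import re

# Assumption: illustrative allowlist. Which driver properties a deployment
# permits is a local decision; anything not listed here is rejected.
ALLOWED_PROPERTIES = {"currentSchema", "sslConnection", "loginTimeout"}

# DB2 type 4 URL syntax: jdbc:db2://host[:port]/database[:prop=value;prop=value;]
_URL_RE = re.compile(
    r"jdbc:db2://(?P<host>[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?"
    r"/(?P<database>[A-Za-z0-9_]+)(?::(?P<props>.*))?"
)
_VALUE_RE = re.compile(r"[A-Za-z0-9_.-]+")

def check_db2_url(url):
    """Return (ok, reasons) for a DB2 JDBC URL; fail closed on anything unexpected."""
    m = _URL_RE.fullmatch(url.strip())
    if m is None:
        return False, ["not a well-formed jdbc:db2:// URL"]
    reasons = []
    if m.group("port") and not 0 < int(m.group("port")) < 65536:
        reasons.append("port out of range")
    seen = set()
    for item in filter(None, (m.group("props") or "").split(";")):
        name, sep, value = item.partition("=")
        name = name.strip()
        if not sep or not name:
            reasons.append(f"malformed property segment: {item!r}")
        elif name not in ALLOWED_PROPERTIES:  # exact, case-sensitive match
            reasons.append(f"property not on allowlist: {name}")
        elif name in seen:
            reasons.append(f"duplicate property: {name}")
        elif not _VALUE_RE.fullmatch(value):
            reasons.append(f"unexpected characters in value of {name}")
        seen.add(name)
    return not reasons, reasons

# Constructed sample inputs; host, database and the unlisted property are placeholders.
SAMPLES = [
    "jdbc:db2://db.example.internal:50000/GEODATA",
    "jdbc:db2://db.example.internal:50000/GEODATA:currentSchema=GIS;sslConnection=true;",
    "jdbc:db2://db.example.internal:50000/GEODATA:currentSchema=GIS;exampleUnlistedProperty=x;",
    "jdbc:db2://db.example.internal:50000/GEODATA:currentSchema",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, why = check_db2_url(sample)
        print("ALLOW" if ok else "DENY ", sample, why)
```

A check like this complements upgrading to the fixed release; it does not replace it.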

References:

* https://osgeo-org.atlassian.net/browse/GEOT-7725
* https://nvd.nist.gov/vuln/detail/cve-2023-27867
