Unfiltered SQL Injection Vulnerabilities in Geoserver
CVE-2023-25157

9.8CRITICAL

Key Information:

Vendor: Geoserver
Status: Geoserver
Vendor: CVE Published:; 21 February 2023

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 93%

Summary

GeoServer, an open-source server for sharing and editing geospatial data, is susceptible to misuse in its PostGIS Datastore functions. This vulnerability arises from improper handling of certain function calls within the OGC Filter expression language and Common Query Language (CQL). Users are encouraged to upgrade to the latest versions (2.21.4 or 2.22.2) to mitigate potential security risks. For those unable to upgrade, it is recommended to disable the PostGIS Datastore encode functions settings, which could inadvertently allow misuse of functions like strEndsWith, strStartsWith, and PropertyIsLike. Enabling preparedStatements in the PostGIS DataStore can also help to mitigate risks associated with FeatureId misuse.

Affected Version(s)

geoserver >= 2.22.0, < 2.22.2 < 2.22.0, 2.22.2

geoserver < 2.21.4 < 2.21.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-25157
Created by win3zz

CVE-2023-25157-and-CVE-2023-25158
Created by murataydemir

CVE-2023-25157
Created by 0x2458bughunt

References

https://github.com/geoserver/geoserver/security/advisorie...

x_refsource_CONFIRM

https://github.com/geoserver/geoserver/commit/145a8af7985...

x_refsource_MISC

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 28, 2023
👾
Exploit known to exist
Nov 28, 2023
Vulnerability published
Feb 21, 2023
Vulnerability Reserved
Feb 3, 2023