Vulnerability Database

309,364

Total vulnerabilities in the database

GeoServer vulnerable to SSRF in TestWfsPost for specific targets, e.g. PHP + Nginx

Summary

Missing checks allow for SSRF to specific targets using the TestWfsPost enpoint.

Mitigation

To manage the proxy base value as a system administrator, use the parameter PROXY_BASE_URL to provide a non-empty value that cannot be overridden by the user interface or incoming request.thomsmith.

Resolution

The TestWfsPost has been replaced in GeoServer 2.25.2 and GeoServer 2.24.4 with a JavaScript Demo Requests page to test OGC Web Services.

References

CVE-2024-29198 Unauthenticated SSRF via TestWfsPost

Published: Jun 10, 2025
Updated: Jun 11, 2025
GHSA: GHSA-68cf-j696-wvv9
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
org.geoserver / gs-wfs	1.0.0	2.24.4
org.geoserver / gs-wfs	2.25.0	2.25.2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo