
CVE-2024-40625: Coverage REST API Server Side Request Forgery

CVSS Score (v3.1): 5.5

Basic Information

EPSS Score: 0.08621%
Published: 6/10/2025
Updated: 6/10/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.geoserver:gs-rest | maven | < 2.26.0 | 2.26.0 |
| org.geoserver.web:gs-web-app | maven | < 2.26.0 | 2.26.0 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability lies in the Coverage REST API, specifically in the file upload path that uses the 'url' method. The advisory description identifies RESTUtils.java, and a specific line (176 in the linked version), as containing the vulnerable code; that line sits inside the getRemoteSource method. The method takes a user-supplied URL (sourceURLValue) and uses it to fetch data without the validation that GeoServer's URL Checks feature provides (URLCheckers.confirm(fileURL)). An attacker can therefore supply a crafted URL that makes the server issue requests to internal or external services it was never meant to reach, which is the defining behaviour of an SSRF vulnerability. The getRemoteSource function in org.geoserver.rest.util.RESTUtils handles this URL directly and is therefore the vulnerable function. The patch would involve adding the URLCheckers.confirm() call inside this function so that the URL is validated before it is used.
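To make the recommended check concrete, here is an added example that is not GeoServer's code and not the actual patch: a small allow-list checker, RemoteSourceGuard, standing in for the URLCheckers.confirm() call the analysis describes, and a guarded getRemoteSource-style helper that refuses to fetch until the user-supplied URL has passed it. The class name, the approved-host set, the sample URLs and the injected fetcher are all assumptions constructed for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.function.Function;

/**
 * Added example (not GeoServer code): an allow-list check applied to a
 * user-supplied source URL before any remote fetch is attempted. It stands
 * in for the URLCheckers.confirm() call the advisory recommends.
 */
public final class RemoteSourceGuard {

    /** Hosts an administrator has approved as coverage sources (constructed sample). */
    private final Set<String> allowedHosts;

    public RemoteSourceGuard(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    /** Returns the parsed URI if it passes every check, or null if it must not be fetched. */
    public URI confirm(String sourceUrlValue) {
        final URI uri;
        try {
            uri = new URI(sourceUrlValue);
        } catch (URISyntaxException e) {
            return null; // unparseable input is never fetched
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Only absolute http(s) URLs with a host: rules out file:, jar: and relative paths.
        if (scheme == null || host == null) {
            return null;
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            return null;
        }
        // Refuse URLs carrying user-info; the allow-list is compared against the parsed host only.
        if (uri.getRawUserInfo() != null) {
            return null;
        }
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT)) ? uri : null;
    }

    /**
     * Guarded counterpart of a getRemoteSource-style helper: the fetch is reached
     * only after the URL has been confirmed. The fetcher is injected so that the
     * example runs offline; a real implementation would open the connection here.
     */
    public byte[] getRemoteSource(String sourceUrlValue, Function<URI, byte[]> fetcher) {
        URI uri = confirm(sourceUrlValue);
        if (uri == null) {
            throw new IllegalArgumentException("URL rejected by allow-list check: " + sourceUrlValue);
        }
        return fetcher.apply(uri);
    }

    public static void main(String[] args) {
        RemoteSourceGuard guard = new RemoteSourceGuard(Set.of("tiles.example.org"));
        // Fake fetcher: returns a constructed payload instead of opening a connection.
        Function<URI, byte[]> fakeFetch = uri -> ("fetched " + uri).getBytes(StandardCharsets.UTF_8);

        List<String> inputs = List.of(
                "https://tiles.example.org/data/cov.tif",        // approved host: allowed
                "http://other.example.org/cov.tif",              // unlisted host: rejected
                "file:///tmp/cov.tif",                           // non-http scheme: rejected
                "http://tiles.example.org@other.example.org/x",  // user-info present: rejected
                "not a url");                                    // unparseable: rejected

        for (String input : inputs) {
            try {
                byte[] data = guard.getRemoteSource(input, fakeFetch);
                System.out.println("ALLOWED  " + input + " -> " + data.length + " bytes");
            } catch (IllegalArgumentException e) {
                System.out.println("REJECTED " + input);
            }
        }
    }
}
```

Compile and run with `javac RemoteSourceGuard.java && java RemoteSourceGuard`. The decision is taken on the same parsed scheme and host the fetch will use, which is the property that matters for an SSRF check; validating a raw string with a prefix match and then handing a differently parsed URL to the HTTP client is how such checks are commonly undone. GeoServer's real URL Checks are administrator-configured rules, so the fixed host set here is only a stand-in for them.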

Vulnerable functions

org.geoserver.rest.util.RESTUtils.getRemoteSource (as identified in the root cause analysis above)

WAF Protection Rules

WAF Rule

### Summary

The coverage REST API `/workspaces/{workspaceName}/coveragestores/{storeName}/{method}.{format}` allows uploading a file from a specified URL (with {method} equal to 'url') with no restriction.

### Details

The coverage REST API `/workspaces/{w
