Platform
java
Component
org.geoserver.web:gs-web-app
Fixed in
2.25.1
2.25.0
CVE-2024-34711 describes a Server-Side Request Forgery (SSRF) vulnerability in the GeoServer web application (org.geoserver.web:gs-web-app). URIs that reach the XML parser's external entity and schema resolution are not properly validated, so an attacker who can submit XML to GeoServer's OGC service endpoints can make the server issue GET requests to hosts of the attacker's choosing, including hosts on the internal network. The fixed release listed for this component is 2.25.1; releases before it are affected.
Because the requests originate from the GeoServer host itself, they bypass perimeter controls and reach systems that are not exposed externally. An attacker can probe the internal network for listening services by observing differences in response time and error behaviour, and can make GeoServer fetch internal HTTP resources. The response body is only returned to the attacker when it is consumed as an XML schema (.xsd), which limits direct data exfiltration, but error messages and partially parsed content can still leak internal hostnames, file paths and service banners. The practical impact is information disclosure and reconnaissance that supports attacks on other internal systems; anything beyond that depends on what the SSRF can reach, not on this flaw alone. The pattern is the familiar one of XML parsers that resolve external entities and schema locations without an allowlist.
CVE-2024-34711 was published on 2025-06-10 with a CVSS score of 9.3 (CRITICAL). CVSS measures severity, not likelihood of exploitation: the EPSS estimate (0.12%, 30th percentile) and the absence of public proof-of-concept code both point to low observed exploitation pressure so far, although SSRF in a widely deployed, often internet-facing server is a plausible target once the request vector is understood. This CVE is not currently listed in the CISA KEV catalogue. Monitor the GeoServer security advisories and threat intelligence feeds for changes.
Exploit Status
EPSS
0.12% (30th percentile)
The primary mitigation for CVE-2024-34711 is to upgrade GeoServer to 2.25.1 or later, which ships a default ENTITY_RESOLUTION_ALLOWLIST so the XML parser only resolves external entities and schema locations from approved hosts. If an immediate upgrade is not possible, apply egress filtering so the GeoServer host can only reach the schema hosts it genuinely needs; since the forged request is made by the server itself, this is the control that actually stops the SSRF. A Web Application Firewall rule that rejects POST bodies containing a DOCTYPE declaration or an xsi:schemaLocation pointing at private address ranges or unknown hosts helps but is bypassable and should be treated as defence in depth. Restrict network access to GeoServer to the clients that need it, and review the data directory for references to schemas on hosts you do not control. After upgrading, confirm the fix from a test client by submitting a request whose external entity or schemaLocation points at a listener you control inside the network, and verify in the listener and in the GeoServer logs that no outbound connection is attempted.
Update GeoServer to version 2.25.1 or later. This release enables a default ENTITY_RESOLUTION_ALLOWLIST that restricts external entity resolution to a fixed set of schema hosts. If your deployment legitimately references schemas on other hosts, set the property explicitly (it is read as a system property or environment variable) and keep the list as short as possible. Refer to the GeoServer documentation on external entity resolution for the exact syntax and the default hosts.
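The following is an added example, not GeoServer's or GeoTools' own code, showing the kind of check ENTITY_RESOLUTION_ALLOWLIST imposes and why the improper URI validation described above matters. It contrasts an unchecked resolver with one that only accepts http(s) URIs whose host is on an explicit allowlist, rejecting other schemes, IP literals and embedded credentials, and it audits a constructed WFS-style request body for the DOCTYPE system identifier and xsi:schemaLocation targets a parser would fetch. The allowlist contents, function names and the sample request are this example's assumptions, and exact host matching is a simplification of whatever matching GeoServer itself applies.

```python
"""Added example (not GeoServer code): allowlisted external-entity resolution.

Mirrors the idea behind GeoServer's ENTITY_RESOLUTION_ALLOWLIST fix for
CVE-2024-34711: the XML parser may only fetch external entities and schema
locations from approved hosts. Names, allowlist and sample request are
assumptions made for this example.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist for the example. GeoServer's real default list is in its
# documentation; exact host matching here is a simplification.
EXAMPLE_ALLOWLIST = frozenset({"www.w3.org", "schemas.opengis.net", "www.opengis.net"})


def unsafe_resolve(system_id):
    """'Before' behaviour: whatever URI the document names goes to the fetcher."""
    return system_id  # an HTTP client would now GET this, wherever it points


class EntityBlocked(ValueError):
    """Raised when an external entity URI fails the allowlist check."""


def check_entity_uri(uri, allowlist=EXAMPLE_ALLOWLIST):
    """Return uri if it may be fetched, else raise EntityBlocked.

    Rejects non-http(s) schemes (file:, jar:, ftp:), missing hosts, embedded
    credentials (http://allowed.host@10.0.0.1/ actually targets 10.0.0.1),
    raw IP literals including [::1], and any host not on the allowlist.
    """
    parts = urlsplit(uri)  # scheme and hostname come back lower-cased
    if parts.scheme not in ("http", "https"):
        raise EntityBlocked(f"scheme not allowed: {parts.scheme or '<none>'}")
    if parts.username is not None or parts.password is not None:
        raise EntityBlocked("userinfo in authority")
    host = parts.hostname  # IPv6 brackets already stripped
    if not host:
        raise EntityBlocked("no host in URI")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a DNS name, continue with the allowlist check
    else:
        raise EntityBlocked(f"IP literal not allowed: {host}")
    host = host.rstrip(".")
    if host not in allowlist:
        raise EntityBlocked(f"host not in allowlist: {host}")
    return uri


def is_allowed(uri, allowlist=EXAMPLE_ALLOWLIST):
    """Boolean wrapper around check_entity_uri."""
    try:
        check_entity_uri(uri, allowlist)
    except EntityBlocked:
        return False
    return True


_DOCTYPE_SYSTEM = re.compile(r'<!DOCTYPE[^>]*\bSYSTEM\s+"([^"]+)"', re.IGNORECASE)
_SCHEMA_LOCATION = re.compile(r'schemaLocation\s*=\s*"([^"]+)"')


def external_uris(xml_text):
    """Collect the URIs a parser would fetch: DOCTYPE system ids and the
    location half of each (namespace, location) pair in xsi:schemaLocation."""
    uris = list(_DOCTYPE_SYSTEM.findall(xml_text))
    for value in _SCHEMA_LOCATION.findall(xml_text):
        tokens = value.split()
        uris.extend(tokens[1::2])  # odd positions are the locations
    return uris


def audit_xml_entities(xml_text, allowlist=EXAMPLE_ALLOWLIST):
    """Map every external URI in the document to 'allowed' or 'blocked: <why>'."""
    verdicts = {}
    for uri in external_uris(xml_text):
        try:
            check_entity_uri(uri, allowlist)
            verdicts[uri] = "allowed"
        except EntityBlocked as exc:
            verdicts[uri] = f"blocked: {exc}"
    return verdicts


# Constructed request body for the example: one legitimate OGC schema location,
# plus a DOCTYPE and a second schema location pointing into private address space.
CONSTRUCTED_REQUEST = """<?xml version="1.0"?>
<!DOCTYPE wfs:Transaction SYSTEM "http://10.0.0.5:8080/probe.dtd">
<wfs:Transaction service="WFS" version="1.1.0"
    xmlns:wfs="http://www.opengis.net/wfs"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.opengis.net/wfs http://schemas.opengis.net/wfs/1.1.0/wfs.xsd
                        http://example.org/ns http://192.168.1.10/schema.xsd"/>
"""

if __name__ == "__main__":
    for uri, verdict in audit_xml_entities(CONSTRUCTED_REQUEST).items():
        print(f"{verdict:<40} {uri}")
```

Run as a script to see the verdict for each URI in the constructed request: the OGC schema location is allowed while both private-network targets are blocked. The userinfo and IP-literal rejections are the cases a naive "is the hostname in my list" check tends to miss; an allowlist that only compares the string before the first slash would let `http://www.w3.org@10.0.0.1/` through.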
CVE-2024-34711 is a critical SSRF vulnerability in GeoServer's web application: crafted XML requests make the server issue GET requests to attacker-chosen URLs, enabling reconnaissance of the internal network. Versions before 2.25.1 are affected.
You are affected if you run a GeoServer release earlier than 2.25.1, or if you have configured ENTITY_RESOLUTION_ALLOWLIST on a fixed release to include hosts you do not control. Inventory your deployments and upgrade as soon as possible.
Upgrade GeoServer to version 2.25.1 or later. As a temporary measure, restrict outbound connections from the GeoServer host to the schema hosts it requires, and add WAF rules that reject XML requests carrying an external DOCTYPE or a schemaLocation that points at an unexpected host.
No active exploitation has been confirmed and the current EPSS estimate is low, but SSRF in an internet-facing GeoServer is an attractive reconnaissance primitive, so treat the upgrade as a priority and monitor the security advisories.
Refer to the official GeoServer security advisories on the GeoServer website for the latest information and updates regarding CVE-2024-34711.