Class based , object oriented programming language. Designed to have less dependencies as possible. The syntex of Java is smilier to C and C++. Commonly used for client-server applications. Java files are compiled by JVM (Java Virtual Machine)

Java

## Summary
Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution (RCE).
## Impact
If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code.
## Details
Authenticated users can access Vector Data Sources page to creating a new data store through db2 jdbc connection, performing JNDI attack due to unrestricted connection parameters, and then achieve RCE with deserialization of untrusted data.
### Remediation
This issue has been fixed in this release: https://github.com/geoserver/geoserver/releases/tag/2.27.0.
## References
* https://osgeo-org.atlassian.net/browse/GEOT-7725
* https://nvd.nist.gov/vuln/detail/cve-2023-27867

CVE ID	Gravidade	Pontuação	Tecnologias	Nome do componente	Exploração do CISA KEV	Tem correção	Data de publicação
CVE-2026-48059	HIGH	8.7	Java	io.netty:netty-codec-haproxy	Não	Sim	Jun 11, 2026
CVE-2026-44249	HIGH	8.1	Java	s3proxy	Não	Sim	Jun 11, 2026
CVE-2026-44890	HIGH	7.5	Java	celeborn-0.6	Não	Sim	Jun 11, 2026
CVE-2026-44250	HIGH	7.5	Java	apache-hop-fips	Não	Sim	Jun 11, 2026
CVE-2025-27511	HIGH	7.2	Java	org.geoserver.extension:gs-db2	Não	Sim	Jun 11, 2026

CVE-2025-27511:
Java Análise e mitigação de vulnerabilidades

Summary

Impact

Details

Remediation

References

7.2

Relacionado Java Vulnerabilidades:

Compare sua postura de segurança na nuvem

Recursos adicionais da Wiz

PEACH

Pronto para ver a Wiz em ação?

CVE-2025-27511: Java Análise e mitigação de vulnerabilidades