AI description
CVE-2024-36401 is a remote code execution (RCE) vulnerability affecting GeoServer, an open-source software server that allows users to share and edit geospatial data. The vulnerability exists in versions prior to 2.22.6, 2.23.6, 2.24.4, and 2.25.2. It stems from the unsafe evaluation of property names as XPath expressions within the GeoTools library API, which GeoServer uses. This API incorrectly passes property/attribute names to the commons-jxpath library, potentially allowing the execution of arbitrary code. The vulnerability can be exploited through multiple Open Geospatial Consortium (OGC) request parameters, including WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic, and WPS Execute. It is applicable to all GeoServer instances because the flawed XPath evaluation, intended for complex feature types, is mistakenly applied to simple feature types as well. A patch is available in versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2. A workaround involves removing the `gt-complex-x.y.jar` file from the GeoServer installation, although this may break some GeoServer functionality.
- Description
- GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- geoserver, geotools
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- OSGeo GeoServer GeoTools Eval Injection Vulnerability
- Exploit added on
- Jul 15, 2024
- Exploit action due
- Aug 5, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CISA says hackers breached federal agency using GeoServer exploit! According to CISA, hackers gained access to a U.S. federal agency by exploiting an unpatched GeoServer vulnerability (CVE-2024-36401). After breaching the GeoServer, they moved laterally to web and SQL servers,
@ChbibAnas
29 Sept 2025
24 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2022-2471 3 - CVE-2025-5777 4 - CVE-2024-49019 5 - CVE-2024-36401 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Sept 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cybercriminals #VulnerabilityReport CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign https://t.co/60H8jToMWL
@Komodosec
28 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Important security news from CISA about the GeoServer vulnerability that was exploited to breach a U.S. federal agency. Attackers exploited the vulnerability CVE-2024-36401 (severity score 9.8) in GeoServer to breach a federal agency
@Mshoraty
28 Sept 2025
89 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2024-36401 3 - CVE-2025-8088 4 - CVE-2025-0309 5 - CVE-2024-38399 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-36401 : CISA says Hackers Breached Federal Agency Using GeoServer Exploit https://t.co/XxnPF92b7i
@freedomhack101
27 Sept 2025
135 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers exploited GeoServer💯 CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools. Inbox now for all account recovery services, lost or suspended. Inbox now, let's get it done
@metaprohacker8
27 Sept 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools. Full advisory → https://t.co/zyrZR5lUNn... https://t.co/wRwjWJWKwf
@IT_news_for_all
27 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools. Full advisory → https://t.co/YNydFA7h9x https://t.co/emqVbrIZbP
@TheHackersNews
27 Sept 2025
18134 Impressions
57 Retweets
164 Likes
55 Bookmarks
5 Replies
0 Quotes
⚠️ Weekly vuln radar from https://t.co/8RzyA4ocnO: CVE-2025-20352 CVE-2025-20333 CVE-2025-20362 CVE-2025-25257 (@0x_shaq) CVE-2024-36401 (Steve Ikeoka) CVE-2025-10035 CVE-2025-10184 (Calum Hutton) CVE-2025-53690 (Andi Slok) CVE-2024-28986 https://t.co/HF5Ob5EPZO
@ptdbugs
26 Sept 2025
207 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CISA’s advisory AA25-266A reveals attackers exploited CVE-2024-36401 in GeoServer for remote code execution and lateral movement in a U.S. federal agency, undetected for nearly three weeks. Assessment templates now available. #GeoServer #IncidentResponse https://t.co/dm1MnH4ScK
@TweetThreatNews
25 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA: Federal agency breached via critical GeoServer flaw Attackers exploited CVE-2024-36401 in #GeoServer to gain remote code execution. They breached a US Federal Civilian Executive Branch agency, moved laterally to web & SQL servers, deployed web shells, and remain
@ransomnews
25 Sept 2025
232 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers breached a US federal agency using CVE-2024-36401, a critical GeoServer RCE vulnerability. They had access for 3 weeks, using China Chopper webshells, lateral movement to web/SQL servers, brute force for escalation, and credential harvesting. Patch critical bugs in
@bigmacd16684
25 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
24/09/2025 🚨 CISA reports threat actors breached a federal agency via CVE-2024-36401 just weeks post-disclosure. Urgent action required to protect geospatial data. Source: https://t.co/7PfENKJ99Q
@kernyx64
25 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reported that threat actors exploited a critical unpatched GeoServer vulnerability (CVE-2024-36401) to breach a U.S. federal agency, gaining access to multiple servers and deploying persistent web shells. #CyberSecurity #CISA https://t.co/vmClQtcOZz
@Cyber_O51NT
25 Sept 2025
437 Impressions
1 Retweet
1 Like
0 Bookmarks
1 Reply
0 Quotes
🗽 Hackers breached a federal agency 🇺🇸 through a critical GeoServer vulnerability (CVE-2024-36401, CVSS 9.8). They spent 3️⃣ weeks unnoticed, collecting data using Burp Suite, China Chopper and Stowaway. Warnings in KEV and EDR signals were ignored; the patch was not applied on time
@Hack_Your_Mom
24 Sept 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA reports a U.S. federal agency breach from delayed patching of CVE-2024-36401 in GeoServer, untested IRP, and silent EDR alerts. Attackers used web shells and Living Off the Land tools. #GeoServer #IncidentResponse #USA https://t.co/L8dihzF0Ex
@TweetThreatNews
24 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗽 Hackers breached a federal agency 🇺🇸 through a critical GeoServer vulnerability (CVE-2024-36401, CVSS 9.8). They spent 3️⃣ weeks unnoticed, collecting data using Burp Suite, China Chopper and Stowaway. Warnings in KEV and EDR signals were ignored; the patch was not applied on time
@Hack_Your_Mom
24 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed that last year attackers, after exploiting an unpatched GeoServer instance, to the network of one of the executive agencies
@Teeegra
24 Sept 2025
991 Impressions
0 Retweets
12 Likes
1 Bookmark
0 Replies
0 Quotes
📢 CISA says hackers breached federal agency using GeoServer exploit • Attackers exploited a GeoServer
@PurpleOps_io
23 Sept 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
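GeoServer remote code execution vulnerability CVE-2024-36401 PoC: in GeoServer, any unauthenticated user can execute XPath expressions on a default-installed server by crafting malicious OGC requests, hacker data, penetration of websites and apps, site takeover, remote control, privilege escalation, DNS hijacking, database dumping, intrusion, port DDoS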
@SHAZHON
7 Sept 2025
1524 Impressions
0 Retweets
26 Likes
0 Bookmarks
0 Replies
0 Quotes
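GeoServer remote code execution vulnerability CVE-2024-36401 PoC: in GeoServer, any unauthenticated user can execute XPath expressions on a default-installed server by crafting malicious OGC requests, hacker data, penetration of websites and apps, site takeover, remote control, privilege escalation, DNS hijacking, database dumping, intrusion, port DDoS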
@SHAZHON
5 Sept 2025
1525 Impressions
0 Retweets
11 Likes
0 Bookmarks
0 Replies
0 Quotes
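A campaign that began in March 2025 exploits CVE-2024-36401 and misuses software development kits (SDKs) to earn passive income. This article looks back at how the campaign has changed over time. https://t.co/s8VSdoCnsZ https://t.co/uJ5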
@unit42_jp
5 Sept 2025
501 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploit CVE-2024-36401 in GeoServer to deploy SDKs and bandwidth-sharing apps, monetizing victims' internet connections stealthily. They target 7,000+ instances globally, evading detection by changing IP addresses. The exploit enables remote code #CyberSecurity
@bigmacd16684
3 Sept 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A campaign starting in March 2025 exploits CVE-2024-36401, misusing software development kits (SDKs) to earn passive income. Unit 42 recounts the campaign’s shifts over time: https://t.co/35OVz4Fri0
@JackPen6
1 Sept 2025
195 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-36401
@transilienceai
26 Aug 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cyberattacks are evolving: • GeoServer flaw (CVE-2024-36401) hijacked to sell bandwidth • PolarEdge botnet → 40k devices hiding in firewalls/routers • “Gayfemboy” powering massive DDoS Different names. Same playbook: stealth, scale, profit. #CyberSecurity #ThreatIntel
@Prevent_Cyber
25 Aug 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity researchers are warning about several campaigns exploiting flaws such as CVE-2024-36401 to turn Redis servers into IoT botnets, residential proxies or crypto-mining platforms. 🔒⚠️ #CyberSecurity #IA #Automatisation https://t.co/aW43
@meg_ai_fr
24 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybercriminals Exploit GeoServer RCE (CVE-2024-36401) to Hijack Redis Servers via PolarEdge Campaigns @techshotsapp #Cybercriminals #Hijack #Servers https://t.co/uVafLYFTxU
@techshotsapp
24 Aug 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
23/08/2025 GeoServer exploits are on the rise! 🚨 CVE-2024-36401 (CVSS 9.8) highlights severe risks as attackers turn compromised Redis servers into IoT botnets. Stay vigilant and protect your infrastructure. Source: https://t.co/PHD9Q70x5L
@kernyx64
24 Aug 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Cyberattacks are evolving fast. ➟ Hackers exploit GeoServer (CVE-2024-36401) to hijack internet bandwidth. ➟ PolarEdge botnet stealthily spreads across 40k firewalls & routers. ➟ “Gayfemboy” malware, a Mirai variant, full report at https://t.co/DMh8k7v99o ht
@swiftpointnews
23 Aug 2025
107 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
🌐 CVE-2024-36401 GeoServer RCE is being exploited across 7,100+ instances using stealthy Dart binaries to share bandwidth and earn passive income. More: https://t.co/xsC5aLz3m3 #CyberCrimeEvolution #GeoServer #Botnet https://t.co/wt4w2dPWed
@sctocs25
23 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GeoServer vulnerability CVE-2024-36401 still exploited for RCE https://t.co/Lh9qUba3aU
@DemolisherDigi
23 Aug 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
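Cybersecurity researchers are sounding the alarm over multiple attack campaigns that abuse Redis servers. According to the report, attackers exploit vulnerabilities, IoT botnets, reverse proxies, cryptocurrency mining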
@yousukezan
23 Aug 2025
2484 Impressions
3 Retweets
20 Likes
9 Bookmarks
0 Replies
0 Quotes
Research shows abuse of Redis servers, highlighting CVE-2024-36401 exploitation for proxy infrastructure. Prioritize triage and validation. https://t.co/EFWh7rCKUZ #SecurityImpact #RedisExploits
@threatlight
23 Aug 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Cybersecurity researchers warn of multiple campaigns exploiting known security vulnerabilities, including the exploitation of Redis servers. The malicious activity includes using compromised devices as bot
@Cybercachear
23 Aug 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Cyberattacks are shifting gears. ➟ One crew hijacks GeoServer (CVE-2024-36401) to quietly sell your internet bandwidth. ➟ Another builds PolarEdge, a 40k-device botnet hidden in firewalls & routers. ➟ And “Gayfemboy” — a Mirai offshoot — spread... http
@IT_news_for_all
23 Aug 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Cyberattacks are shifting gears. ➟ One crew hijacks GeoServer (CVE-2024-36401) to quietly sell your internet bandwidth. ➟ Another builds PolarEdge, a 40k-device botnet hidden in firewalls & routers. ➟ And “Gayfemboy” — a Mirai offshoot — spreads across
@TheHackersNews
23 Aug 2025
75553 Impressions
41 Retweets
160 Likes
49 Bookmarks
5 Replies
3 Quotes
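[Bandwidth theft attack] A new attack campaign has been discovered in which attackers exploit the critical GeoServer vulnerability CVE-2024-36401 (CVSS 9.8) to covertly monetize victims' internet bandwidth. By abusing a legitimate SDK, malw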
@nakajimeeee
22 Aug 2025
382 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
A campaign starting in March 2025 exploits CVE-2024-36401, misusing software development kits (SDKs) to earn passive income. We recount the campaign’s shifts over time: https://t.co/eZEPBtNIZw https://t.co/745JJsvty6
@Unit42_Intel
21 Aug 2025
4344 Impressions
21 Retweets
39 Likes
5 Bookmarks
0 Replies
0 Quotes
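GeoServer remote code execution vulnerability CVE-2024-36401 PoC: in GeoServer, any unauthenticated user can execute XPath expressions on a default-installed server by crafting malicious OGC requests, hacker data, penetration of websites and apps, site takeover, remote control, privilege escalation, DNS hijacking, database dumping, intrusion, port DDoS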
@SHAZHON
7 Aug 2025
1151 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
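GeoServer remote code execution vulnerability CVE-2024-36401 PoC: in GeoServer, any unauthenticated user can execute XPath expressions on a default-installed server by crafting malicious OGC requests, hacker data, penetration of websites and apps, site takeover, remote control, privilege escalation, DNS hijacking, database dumping, intrusion, port DDoS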
@SHAZHON
4 Aug 2025
1351 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploiting the GeoServer RCE vulnerability CVE-2024-36401: threat actors deploying CoinMiner #宇宙セキュリティ #宇宙 #セキュリティ #security #space #spacesecurity https://t.co/FZ7wYoZJ1y
@SpaceCyberSec
28 Jul 2025
18 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
How long before n-day exploits become the new normal for crypto miners? - Linuxsys miner uses Apache 2.4.49 flaw (CVSS 7.5) to run stealthy shell scripts - Attackers hijack legit sites with valid SSL to evade detection - Campaign exploits CVE-2024-36401 & Atlassian Confluenc
@CuriousCatsAI
17 Jul 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical RCE vulnerability (CVE-2024-36401) in GeoServer puts systems at risk. Attackers can exploit unpatched versions of GeoServer via crafted requests. Learn more about the exploit and how OPSWAT solutions help mitigate exposure to this critical security risk. Read the htt
@OPSWAT
20 Mar 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Recent vulnerability breakdowns include Androxgh0st Botnet Vulnerabilities, CVE-2024-36401 in GeoServer, and CVE-2023-1389 in TP-Link Archer AX21 Firmware. Providing detailed analysis to aid in understanding and mitigation.
@agentwhitehat
12 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-36401: Critical Vulnerability in GeoServer Allows RCE by Unauthenticated Users #unauthenticatedrce #rce #geoserverexploit #cve_2024_36401 #geoserver_rce https://t.co/Cm596jQFrc
@_havij
31 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I made a nice shodan dork for CVE-2024-36401 shodan dork: http.html:"/ geoserver" http.title: "Geoserver" Valhalla 2.8 is private, but you can use the older version that's on github. #hacker #hackers #hacking #cybersecurity #programming #programmer #python #python3 https://t.co/C
@Zeddhacks
10 Dec 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
I made a nice shodan dork for CVE-2024-36401 shodan dork: http.html:"/ geoserver" http.title: "Geoserver" Valhalla 2.8 is private, but you can use the older version that's on github. https://t.co/dJCQ21MXfB
@yunus_huse99988
29 Nov 2024
14 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending Security Vulnerabilities to Watch Out For: CVE-2024-44175 CVE-2024-37397 CVE-2024-7591 CVE-2024-36401 #infosec
@UAFnUg
28 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE0EE582-FAE7-4528-9A5E-6E56EB1DE345",
            "versionEndExcluding": "2.22.6"
          },
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0069EB0E-BF96-47F5-8A02-13F9FA6C15D8",
            "versionEndExcluding": "2.23.6",
            "versionStartIncluding": "2.23.0"
          },
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A407E94-A7F2-4A4F-B96E-2B3DC8FF6DF3",
            "versionEndExcluding": "2.24.4",
            "versionStartIncluding": "2.24.0"
          },
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFBAEC7A-6250-45FE-AB54-30D72C03F62D",
            "versionEndExcluding": "2.25.2",
            "versionStartIncluding": "2.25.0"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "732DE428-3515-459F-AE5F-08407BA1A049",
            "versionEndExcluding": "29.6"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E338785-9877-4731-B095-E40C86D89577",
            "versionEndExcluding": "30.4",
            "versionStartIncluding": "30.1"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "956C1035-1771-4DBE-9B23-815DB6ECB8BF",
            "versionEndExcluding": "31.2",
            "versionStartIncluding": "31.1"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:30.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCE433A3-886D-4CBB-9696-660F517FBFEE"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:30.0:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEB40BCD-6D65-4DC8-A0BF-F5736D543B59"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:31.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75B1DF89-EFC1-4F5A-881E-495AE00E820B"
          },
          {
            "criteria": "cpe:2.3:a:geotools:geotools:31.0:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72752A30-52B9-4E95-90F8-A807618B5313"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]