Security Advisories

CGA-pjqq-cfr7-f3f3

Published

Last updated

https://images.chainguard.dev/security/CGA-pjqq-cfr7-f3f3
Package

geoserver-2.27

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-41242
  • GHSA-r936-gwx5-v52f

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-41242

Updates

Status

Pending upstream fix

Impact

This vulnerability affects spring-webmvc 5.3.39. The fix is available in Spring Framework 6.2.10. GeoServer 2.27.x currently uses Spring Framework 5.3.x, which has reached end of open-source support, and no public fix is available for the 5.3.x line. The GeoServer main branch has updated to Spring Framework 6.x (commit fd0cd28d8323e38dffbaaa91f784a9b8057d4a5d), which contains the fix. Resolution requires upstream GeoServer maintainers to backport Spring Framework 6.x support to the 2.27.x stable branch. Reference: https://github.com/geoserver/geoserver/commit/fd0cd28d8323e38dffbaaa91f784a9b8057d4a5d

Status

Under investigation


© 2025 Chainguard. All Rights Reserved.