KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

8.6

CVSS
High

CVE-2023-43795

PUBLISHED

WPS Server Side Request Forgery in GeoServer

Exploited in the wild Remote Low complexity No user interaction

Vendor: geoserver
Product: geoserver
Published: Oct 24, 2023
EPSS: —

Description

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.

java nuclei_scanner

CVSS scores

CVSS v3.1 8.6 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Exploitation status

Exploited in the wild

Recorded 2025-04-26 00:00:00 UTC · Source

SSVC decision points

Exploitation: none
Automatable: Yes
Technical impact: partial

References

https://github.com/geoserver/geoserver/security/advisories/GHSA-5pr3-m5hm-9956

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Apr 26, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-43795.yaml	Apr 25, 2025

Timeline

CVE ID Reserved

September 22, 2023
CVE Published to Public

October 24, 2023
Detected by Nuclei

April 25, 2025
Added to KEVIntel

April 26, 2025