InfoSecBulletin Cybersecurity for mankind
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8.
The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published flaw helps the unauthenticated external command execution exploit through structured attack input.
CISA adds Cisco and Windows vulns as actively exploited
10 New Vulnerabilities Discovered in MediaTek Chipsets
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns
Cyberattack detected at Polish space agency, minister says
Nearly 12,000 API Keys and Passwords Found in Public Datasets
Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit
DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen
Microsoft Uncovers Hackers Selling Illegal Azure AI Access
By 2025, India’s First Semiconductor Chip to be ready
CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches
GeoServer RCE Vulnerability:
Various threat actor took the advantages of this flaw to propagate malware in different countries and regions. GOREVERSE, a reverse proxy tool, and SideWalk, a Linux backdoor developed by APT41 are some of Malware. In addition, the malware used ChaCha20 and XOR encryption for traffic hiding and C2 communications. If hacker deploy Fast Reverse Proxy (FRP) tool it masks malicious data with legitimate traffic making.
According to the report , crypto miners connected to pools like SupportXMR and used scripts to uninstall cloud monitor agent applications and other means to deactivate security features which could harm to the affected organizations.
To counter this critical vulnerability, the original XPath expression evaluator was replaced by the “JXPathUtils.newSafeContext” function, which is considered safe.
Users are advised to take additional precautions to ensure the software to updated and patched, ensuring that there are surveillance tools in place for threats, and also making sure that access is very limited. However, all these steps are crucial in mitigating risks associated with potential exploits.
In effect, such concerns can be resolved by users before the GeoServer environments are deployed for use, consequently shielding the geospatial data infrastructure from compromise and threats as well as the functionality of that infrastructure as an open source one.
GeoServer is an open-source server for sharing geospatial data, and this open-source software server is written in Java.
It publishes data from any major spatial data source using open standards. GeoServer is designed for teamwork and allows users to share, process, and edit geospatial data.
