InfoSecBulletin Cybersecurity for mankind
Researchers at Fortinet unveiled hackers to exploit GeoServer RCE vulnerability deploying malware relating to the vulnerability tracked as “CVE-2024-36401, has a CVSS score of 9.8.
The report said, for the poor design of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards, the published flaw helps the unauthenticated external command execution exploit through structured attack input.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
GeoServer RCE Vulnerability:
Various threat actor took the advantages of this flaw to propagate malware in different countries and regions. GOREVERSE, a reverse proxy tool, and SideWalk, a Linux backdoor developed by APT41 are some of Malware. In addition, the malware used ChaCha20 and XOR encryption for traffic hiding and C2 communications. If hacker deploy Fast Reverse Proxy (FRP) tool it masks malicious data with legitimate traffic making.
According to the report , crypto miners connected to pools like SupportXMR and used scripts to uninstall cloud monitor agent applications and other means to deactivate security features which could harm to the affected organizations.
To counter this critical vulnerability, the original XPath expression evaluator was replaced by the “JXPathUtils.newSafeContext” function, which is considered safe.
Users are advised to take additional precautions to ensure the software to updated and patched, ensuring that there are surveillance tools in place for threats, and also making sure that access is very limited. However, all these steps are crucial in mitigating risks associated with potential exploits.
In effect, such concerns can be resolved by users before the GeoServer environments are deployed for use, consequently shielding the geospatial data infrastructure from compromise and threats as well as the functionality of that infrastructure as an open source one.
GeoServer is an open-source server for sharing geospatial data, and this open-source software server is written in Java.
It publishes data from any major spatial data source using open standards. GeoServer is designed for teamwork and allows users to share, process, and edit geospatial data.
