MapServer – WFS XML Filter Query SQL injection_CVE-2025-59431

8.9 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.

Basic Information

ID CVE-2025-59431

Source GitHub_M

Published Sep 19, 2025 at 19:29

Modified Sep 19, 2025 at 19:42

Affected Product

Vendor MapServer

Product MapServer

Version < 8.4.1

Affected Versions MapServer MapServer < 8.4.1

CWE Classification

CWE-89

References

github.com /MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w

{
    "lastseen": "",
    "description": "MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.",
    "published": "2025-09-19T19:29:13.163Z",
    "modified": "2025-09-19T19:42:16.930Z",
    "type": "cve",
    "title": "MapServer - WFS XML Filter Query SQL injection",
    "source": "GitHub_M",
    "references": "https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w",
    "id": "CVE-2025-59431",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "MapServer MapServer < 8.4.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "MapServer",
    "version": "< 8.4.1",
    "vendor": "MapServer",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}