CVE-2024-36401 GeoServer Remote Code Execution PoC
CVE-2024-36401 is a critical security vulnerability (CVSS score 9.8) in GeoServer, an open-source server software for geospatial data sharing and editing. The flaw allows unauthenticated remote code execution because property names supplied in multiple OGC request parameters are unsafely evaluated as XPath expressions. The vulnerability has been actively exploited in various malware campaigns targeting global IT service providers, technology firms, government agencies, and telecommunications companies. Attackers have used it to deploy a range of malicious payloads, including cryptocurrency miners, botnet malware, and sophisticated backdoors such as SideWalk. The GeoServer project has released patches, and organizations are urged to update their installations to the latest versions to mitigate the risk. Implementing threat detection tools and strict access controls is also recommended to prevent potential exploitation.
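For the threat-detection recommendation, here is an added example (not code from this page or from the GeoServer project): a Python check that scans web access logs for OGC GET requests whose property-name parameters contain XPath function-call syntax instead of a plain attribute name. The parameter names checked, the log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the standard WFS parameters that carry property names.
# The page does not list the affected parameters; extend this set as needed.
PROPERTY_PARAMS = {"propertyname", "valuereference"}

# A plain property reference is a name or path (STATE_NAME, ns:attr, a/b/@c).
# An identifier followed by "(" is a function call, which a property name never needs.
FUNC_CALL = re.compile(r"[A-Za-z_][\w.:\-]*\s*\(")

# Common/combined log format: client IP ... "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_params(target):
    """Return [(param, decoded_value)] for property-name parameters containing a call."""
    hits = []
    # parse_qsl percent-decodes, so encoded parentheses (%28) are also caught.
    for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if key.lower() in PROPERTY_PARAMS and FUNC_CALL.search(value):
            hits.append((key, value))
    return hits

def scan(lines):
    """Return [(client_ip, status, param, value)] for every flagged log line."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, target, status = m.groups()
        for key, value in suspicious_params(target):
            findings.append((ip, int(status), key, value))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder function name).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jul/2024:10:00:00 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetFeature&typeNames=topp:states&propertyName=STATE_NAME,PERSONS HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2024:10:00:05 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=placeholderFn%28arg%29 HTTP/1.1" 400 312',
    '198.51.100.7 - - [01/Jul/2024:10:00:09 +0000] "GET /geoserver/wfs?service=WFS&request=GetFeature&typeNames=topp:states&cql_filter=INTERSECTS(the_geom,POINT(1%202)) HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

OGC requests sent as POST XML bodies do not appear in access logs, so the same check would have to run at a proxy or WAF that sees request bodies. A hit is a lead for investigation, not proof of compromise.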