CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59431.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Git / github.com/mapserver/mapserver

Affected ranges

Type: GIT
Repo: https://github.com/mapserver/mapserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b23d85c90ca3760ac1c02e6ae08f017930144586

Affected versions

6.*

6.0.3

Other

rel-3-4

rel-3-5-0

rel-4-0-0

rel-4-10-0

rel-4-10-0-beta1

rel-4-10-0-beta2

rel-4-10-0-beta3

rel-4-10-0-rc1

rel-4-4-0

rel-4-4-0-beta1

rel-4-4-0-beta2

rel-4-4-0-beta3

rel-4-6-0

rel-4-6-0-beta1

rel-4-6-0-beta2

rel-4-6-0-beta3

rel-4-6-0-rc1

rel-4-8-0-beta1

rel-4-8-0-beta2

rel-4-8-0-beta3

rel-4-8-0-rc2

rel-6-0-3-0

rel-6-2-0

rel-6-2-0-beta1

rel-6-2-0-beta2

rel-6-2-0-beta3

rel-6-2-0-beta4

rel-6-2-0-rc1

rel-6-2-1

rel-6-2-2

rel-6-4-0

rel-6-4-0-beta1

rel-6-4-0-beta2

rel-6-4-0-rc1

rel-6-4-1

rel-6-4-2

rel-6-4-3

rel-6-4-4

rel-7-0-0

rel-7-0-0-beta1

rel-7-0-0-beta2

rel-7-0-1

rel-7-0-2

rel-7-0-3

rel-7-0-4

rel-7-0-5

rel-7-0-6

rel-7-0-7

rel-7-2-0

rel-7-2-0-beta1

rel-7-2-0-beta2

rel-7-2-1

rel-7-2-2

rel-7-4-0

rel-7-4-0-beta1

rel-7-4-0-beta2

rel-7-4-0-rc1

rel-7-4-0-rc2

rel-7-4-1

rel-7-4-2

rel-7-4-3

rel-7-4-4

rel-7-6-0

rel-7-6-0-beta1

rel-7-6-0-beta2

rel-7-6-0-rc1

rel-7-6-0-rc2

rel-7-6-0-rc3

rel-7-6-0-rc4

rel-8-4-0

rel-8-4-0-beta1

rel-8-4-0-beta2

rel-8-4-0-rc1

styleObj

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59431.json"