Security update: Protection against CVE-2025-30220

As part of our ongoing security strategy, we have responded to the recently published vulnerability CVE-2025-30220.

The vulnerability affects XML processing in GeoTools and GeoServer and can, under certain circumstances, lead to unauthorized file access or internal network calls.

We are currently working hard to implement the necessary security measures:

  • The GeoTools library used in GC Integration Officer and GC WFS SOM is being updated to the secured version v33.1.
    • GC WFS SOM: all versions <= 5.2.9 are affected; from 5.2.10.x onward, the GDAL library contained in Smallworld Core is used
    • GC Integration Officer: all versions from 5.2.x are affected
  • The GeoServer component contained in the GC Osiris Runtime is being upgraded to the security-relevant version 2.27.1.

Current status for our customers:

  • The new, secured product versions are currently being prepared and will be available by the end of CW28.
  • We recommend that all customers switch to the updated versions as soon as possible.
  • Please contact our support team to plan and carry out the update.

With these measures, we ensure that our solutions meet the highest security requirements and are proactively protected against current threats.