{"id":"CVE-2025-59431","summary":"MapServer - WFS XML Filter Query SQL injection","details":"MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems that expression checking is bypassed by introducing double quote characters in the PropertyName, allowing manipulation of backend database queries. This vulnerability is fixed in 8.4.1.","aliases":["GHSA-256m-rx4h-r55w"],"modified":"2025-12-05T10:20:57.114305Z","published":"2025-09-19T19:29:13.163Z","database_specific":{"cwe_ids":["CWE-89"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59431.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59431.json"},{"type":"ADVISORY","url":"https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59431"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mapserver/mapserver","events":[{"introduced":"0"},{"fixed":"b23d85c90ca3760ac1c02e6ae08f017930144586"}]}],"versions":["6.0.3","rel-3-4","rel-3-5-0","rel-4-0-0","rel-4-10-0","rel-4-10-0-beta1","rel-4-10-0-beta2","rel-4-10-0-beta3","rel-4-10-0-rc1","rel-4-4-0","rel-4-4-0-beta1","rel-4-4-0-beta2","rel-4-4-0-beta3","rel-4-6-0","rel-4-6-0-beta1","rel-4-6-0-beta2","rel-4-6-0-beta3","rel-4-6-0-rc1","rel-4-8-0-beta1","rel-4-8-0-beta2","rel-4-8-0-beta3","rel-4-8-0-rc2","rel-6-0-3-0","rel-6-2-0","rel-6-2-0-beta1","rel-6-2-0-beta2","rel-6-2-0-beta3","rel-6-2-0-beta4","rel-6-2-0-rc1","rel-6-2-1","rel-6-2-2","rel-6-4-0","rel-6-4-0-beta1","rel-6-4-0-beta2","rel-6-4-0-rc1","rel-6-4-1","rel-6-4-2","rel-6-4-3","rel-6-4-4","rel-7-0-0","rel-7-0-0-beta1","rel-7-0-0-beta2","rel-7-0-1","rel-7-0-2","rel-7-0-3","rel-7-0-4","rel-7-0-5","rel-7-0-6","rel-7-0-7","rel-7-2-0","rel-7-2-0-beta
1","rel-7-2-0-beta2","rel-7-2-1","rel-7-2-2","rel-7-4-0","rel-7-4-0-beta1","rel-7-4-0-beta2","rel-7-4-0-rc1","rel-7-4-0-rc2","rel-7-4-1","rel-7-4-2","rel-7-4-3","rel-7-4-4","rel-7-6-0","rel-7-6-0-beta1","rel-7-6-0-beta2","rel-7-6-0-rc1","rel-7-6-0-rc2","rel-7-6-0-rc3","rel-7-6-0-rc4","rel-8-4-0","rel-8-4-0-beta1","rel-8-4-0-beta2","rel-8-4-0-rc1","styleObj"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59431.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}]}