GeoServer 2.25.7 Released

The GeoServer team is pleased to share the unplanned release of GeoServer 2.25.7.

The 2.25.x series has reached end-of-life, and is no longer supported. This release is made in response to a security vulnerability, providing anyone who has not yet updated a little more time to do so. The details of the security vulnerability will be shared on Monday 2 June.

For more information please see release announcement and release notes.

Thanks to Jody Garnett (GeoCat) and Andrea Aimie (GeoSolutions) for making this release.
--
GeoServer Project Steering Committee

Information on CVE-2025-30220 is now available. This CVE is covered as part of today’s blog post update: June 2025 Vulnerability Disclosures

After discussion between security researchers last week the CVE-2025-30220 was downgraded from critical to high.