← Back to CVE List

CVE-2025-30371

Published: 2025-03-28T15:15Z
Last Modified: 2025-03-28T18:11Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially impacted if their Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt