Summary
Geo Controller 8.9.6 resolves CVE-2025-62109 with important security hardening and sensitive data exposure protections.
We are aware of the recently published security advisory related to Geo Controller (cf-geoplugin), identified as CVE-2025-62109 and referenced in several public vulnerability databases.
After internal review and additional hardening, the issue has been fully resolved in Geo Controller version 8.9.6.
The reported issue involved a potential sensitive data exposure scenario under specific conditions. No evidence of active exploitation, credential leakage, or unauthorized account access has been identified.
What was done in 8.9.6:
- Security hardening improvements
- Additional validation and sanitization layers
- Reduced exposure of internal diagnostic/output data
- Internal architecture cleanup related to request handling
We strongly recommend that all users update to the latest version immediately.
Official plugin page:
GitHub repository:
Geo Controller GitHub Repository
We also submitted remediation metadata updates to public advisory databases so affected version ranges and fix references can be properly reflected across security ecosystems and automated scanners.
Security and stability remain a top priority for the project, and we appreciate responsible disclosure efforts that help improve the ecosystem for everyone.
