
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

Published:

12 December 2025 at 05:01:00

Alert date:

12 December 2025 at 06:01:37

Source:

thehackernews.com


CISA has added CVE-2025-58360, a high-severity XML External Entity (XXE) vulnerability in OSGeo GeoServer, to its Known Exploited Vulnerabilities (KEV) catalog on the basis of evidence of active exploitation. The flaw requires no authentication, carries a CVSS score of 8.2, and affects GeoServer releases prior to the patched versions. Because XXE weaknesses can be exploited without authentication, the vulnerability poses a significant risk to organizations running unpatched GeoServer instances.

Technical details

CVE-2025-58360 is an unauthenticated XML External Entity (XXE) vulnerability with a CVSS score of 8.2. The flaw arises because the application accepts XML input for the GetMap operation of the /geoserver/wms endpoint and allows external entities to be declared within those XML requests. Successful exploitation can expose arbitrary files from the server's file system, enable Server-Side Request Forgery (SSRF) against internal systems, or cause denial of service (DoS) by exhausting resources.
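As an added defensive example (not code from the advisory or from GeoServer), the following Python flags WMS POST bodies that carry the DTD and entity declarations an XXE attempt against the GetMap operation would need, and shows a parse routine that refuses such input before it reaches an XML parser. The sample requests, their record layout and the function names are assumptions made for illustration.

```python
import re
from xml.etree import ElementTree as ET

# Constructed sample of WMS POST bodies as a reverse proxy or WAF might log them
# (not real traffic): one benign GetMap, two with entity declarations, one off-path.
SAMPLE_REQUESTS = [
    {"id": 1, "path": "/geoserver/wms", "body":
        '<?xml version="1.0"?><GetMap xmlns="http://www.opengis.net/ows" version="1.3.0">'
        '<StyledLayerDescriptor><NamedLayer><Name>topp:states</Name></NamedLayer>'
        '</StyledLayerDescriptor></GetMap>'},
    {"id": 2, "path": "/geoserver/wms", "body":
        '<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY ext SYSTEM "http://internal.example/">]>'
        '<GetMap version="1.3.0"><Name>&ext;</Name></GetMap>'},
    {"id": 3, "path": "/geoserver/wms", "body":
        '<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY % p SYSTEM "http://internal.example/x.dtd"> %p;]>'
        '<GetMap version="1.3.0"/>'},
    {"id": 4, "path": "/geoserver/ows", "body":
        '<!DOCTYPE x [<!ENTITY e SYSTEM "file:///x">]><x>&e;</x>'},
]

# Indicators, in a fixed order so results are stable: any DTD at all, an entity that
# points at an external resource (SYSTEM/PUBLIC), and a parameter entity (<!ENTITY % ...>).
RULES = [
    ("doctype", re.compile(r"<!DOCTYPE", re.IGNORECASE)),
    ("external_entity", re.compile(r"<!ENTITY\s+(%\s*)?[\w.-]+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE)),
    ("parameter_entity", re.compile(r"<!ENTITY\s+%", re.IGNORECASE)),
]


def xxe_indicators(body):
    """Return the names of XXE indicators present in an XML request body."""
    return [name for name, rx in RULES if rx.search(body)]


def flag_wms_requests(requests):
    """Map request id -> indicators for GetMap requests to /geoserver/wms that carry DTD content."""
    flagged = {}
    for req in requests:
        if not req["path"].startswith("/geoserver/wms") or "GetMap" not in req["body"]:
            continue
        hits = xxe_indicators(req["body"])
        if hits:
            flagged[req["id"]] = hits
    return flagged


def parse_getmap_safely(body):
    """Reject any DTD/entity declaration up front, then return the layer <Name> values."""
    if xxe_indicators(body):
        raise ValueError("DTD or entity declarations are not accepted in WMS requests")
    local = lambda tag: tag.rsplit("}", 1)[-1]  # strip the XML namespace prefix
    root = ET.fromstring(body)
    if local(root.tag) != "GetMap":
        raise ValueError("expected a GetMap request")
    return [el.text for el in root.iter() if local(el.tag) == "Name"]
```

Rejecting the DOCTYPE outright, rather than trying to allow "safe" entities, is the mitigation that survives parser differences; the request-level check is a useful stopgap until the patched GeoServer release is deployed.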

Mitigation steps:

Update to patched versions: 2.25.6, 2.26.2, 2.27.0, 2.28.0, or 2.28.1. Federal Civilian Executive Branch (FCEB) agencies must apply required fixes by January 1, 2026.

Affected products:

OSGeo GeoServer versions prior to and including 2.25.5
OSGeo GeoServer versions 2.26.0 through 2.26.1
docker.osgeo.org/geoserver
org.geoserver.web:gs-web-app (Maven)
org.geoserver:gs-wms (Maven)

IOCs:

/geoserver/wms endpoint, GetMap operation

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information obtained from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
