Recent GeoServer Vulnerability Exploited in Attacks

Posted on December 12, 2025 by CWS

The US cybersecurity agency CISA on Thursday warned that threat actors have been exploiting a recent OSGeo GeoServer vulnerability in attacks.

Tracked as CVE-2025-58360 (CVSS score of 9.8), the critical-severity bug is described as an XML External Entity (XXE) issue that could allow attackers to access arbitrary files, conduct SSRF attacks, or cause denial-of-service (DoS) conditions.

“The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request,” GeoServer’s maintainers said last month.
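The class of defect described above is closed at the parsing layer by refusing any DTD before an entity can be declared, so there is nothing for an external entity reference to resolve. The following Python example, added here and not taken from GeoServer or the article, shows such a pre-parse guard built on the standard-library expat parser; the handler and function names, the hypothetical WMS endpoint, and the sample request bodies are constructed for illustration.

```python
"""Pre-parse guard for XML request bodies.

Constructed example (not GeoServer code): the function names, the hypothetical
endpoint and the sample request bodies below are assumptions for illustration.
"""
import xml.parsers.expat as expat


class DtdRejected(ValueError):
    """Raised when a request body carries a DOCTYPE or an entity declaration."""


def parse_strict(xml_bytes: bytes) -> dict:
    """Parse XML with expat while refusing any DTD and any external entity.

    Returns a summary (root tag, root attributes, element count) so the caller
    can confirm the body was read without entity expansion ever taking place.
    """
    parser = expat.ParserCreate()
    elements = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Every DOCTYPE is refused: without a DTD no entity can be declared, so
        # neither external (file read, SSRF) nor internal (expansion DoS) entities exist.
        raise DtdRejected(f"DOCTYPE {name!r} is not allowed in request bodies")

    def on_entity_decl(name, is_parameter, value, base, sysid, pubid, notation):
        # Defence in depth should a DOCTYPE ever get past the handler above.
        raise DtdRejected(f"entity declaration {name!r} is not allowed")

    def on_external_entity(context, base, sysid, pubid):
        # Returning 0 makes expat abort instead of fetching sysid.
        return 0

    def on_start(name, attrs):
        elements.append((name, attrs))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)  # exceptions raised inside handlers propagate here
    root_name, root_attrs = elements[0]
    return {"root": root_name, "root_attrs": dict(root_attrs), "element_count": len(elements)}


def screen_request(body: bytes) -> str:
    """Classify a request body as 'accept', 'reject-dtd' or 'reject-malformed'."""
    try:
        parse_strict(body)
    except DtdRejected:
        return "reject-dtd"
    except expat.ExpatError:
        return "reject-malformed"
    return "accept"


# Constructed sample bodies for a hypothetical POST to /geoserver/wms (GetMap).
SAMPLE_BODIES = {
    "benign-getmap": (
        b'<?xml version="1.0"?>'
        b'<GetMap version="1.3.0" xmlns="http://www.opengis.net/sld">'
        b"<Layers><Layer>demo</Layer></Layers></GetMap>"
    ),
    "external-entity": (
        b'<?xml version="1.0"?>'
        b'<!DOCTYPE GetMap [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
        b"<GetMap>&ext;</GetMap>"
    ),
    # Same declaration in UTF-16: a byte-level search for "<!DOCTYPE" would miss
    # it, the parser-level guard does not.
    "utf16-external-entity": (
        '<?xml version="1.0" encoding="UTF-16"?>'
        '<!DOCTYPE GetMap [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
        "<GetMap>&ext;</GetMap>"
    ).encode("utf-16"),
    "malformed": b"<GetMap><Layers></GetMap>",
}


if __name__ == "__main__":
    for label, body in SAMPLE_BODIES.items():
        print(f"{label:24} {screen_request(body)}")
```

The guard sits in front of the real request parser and rejects at the first DOCTYPE token, so no entity is ever declared, let alone resolved; the `reject-dtd` verdict is also worth logging, since a WMS client has no legitimate reason to send a DTD and each such rejection is a usable detection signal for attempts against the endpoint.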

Patches for the security defect were included in GeoServer version 2.28.1, which was announced on November 25. The update also addressed a medium-severity XSS vulnerability in the application (tracked as CVE-2025-21621).

Packages impacted by the issue include docker.osgeo.org/geoserver, org.geoserver.web:gs-web-app (Maven), and org.geoserver:gs-wms (Maven), which should be updated to versions 2.25.6, 2.26.3, or 2.27.0.

On Thursday, CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) list, without providing details on the observed in-the-wild exploitation.

However, based on advisories from cybersecurity firm Wiz and the Canadian Cyber Centre, an exploit for the bug has existed since late November.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify and patch vulnerable GeoServer instances within their environments.

It’s worth noting that CVE-2025-58360 is the third exploited GeoServer vulnerability documented by CISA this year. In June, it warned of CVE-2022-24816’s exploitation and in July it warned that CVE-2024-36401 had been targeted in attacks.

In September, CISA revealed that, four days before its July alert, a threat actor exploited the year-old GeoServer defect to compromise a federal agency.

Related: Unpatched Gogs Zero-Day Exploited for Months

Related: Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Related: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Related: Android Zero-Days Patched in December 2025 Security Update
