Cyber Web Spider Blog – News
Recent GeoServer Vulnerability Exploited in Attacks

Posted on December 12, 2025 By CWS

The US cybersecurity agency CISA on Thursday warned that threat actors have been exploiting a recent OSGeo GeoServer vulnerability in attacks.

Tracked as CVE-2025-58360 (CVSS score of 9.8), the critical-severity bug is described as an XML External Entity (XXE) issue that could allow attackers to access arbitrary files, conduct SSRF attacks, or cause denial-of-service (DoS) conditions.

“The application accepts XML input via a specific endpoint /geoserver/wms operation GetMap. However, this input isn’t sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request,” GeoServer’s maintainers said last month.
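The mechanism the maintainers describe (a DTD inside the request body that declares external entities) is something a defender can triage in captured request bodies and shut out in a parser. The following is an added example, not GeoServer's or the blog's code: it uses Python's standard-library expat to list external entity declarations without resolving them, and shows the fail-closed alternative of refusing any DOCTYPE. The sample bodies, the `GetMap` element shape, and the file and DTD URIs are constructed placeholders.

```python
"""Added example (not GeoServer code): triage XML request bodies for external
entity declarations and show the fail-closed alternative of refusing any DTD."""
import xml.parsers.expat

# Constructed sample bodies in the rough shape of a WMS GetMap POST (schema simplified).
BENIGN = b'<?xml version="1.0"?><GetMap service="WMS" version="1.1.1"><Layers/></GetMap>'
INTERNAL_ONLY = b'<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY v "1.1.1">]><GetMap version="&v;"/>'
EXTERNAL_GENERAL = (b'<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY ext SYSTEM '
                    b'"file:///constructed/placeholder">]><GetMap>&ext;</GetMap>')
EXTERNAL_PARAM = (b'<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY % p SYSTEM '
                  b'"http://dtd.example/constructed.dtd"> %p;]><GetMap/>')


def external_entities(xml_body: bytes) -> list:
    """Names of entities declared with a SYSTEM or PUBLIC identifier ('%' marks a
    parameter entity). expat reports the declaration but never fetches the resource
    unless an ExternalEntityRefHandler is installed, so inspection resolves nothing."""
    found = []
    parser = xml.parsers.expat.ParserCreate()

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None or public_id is not None:
            found.append("%" + name if is_param else name)

    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(xml_body, True)
    except xml.parsers.expat.ExpatError:
        pass  # declarations seen before a syntax error are still reported
    return found


class DoctypeRejected(ValueError):
    """Raised when a request body carries a DTD at all."""


def parse_root_without_dtd(xml_body: bytes) -> str:
    """Fail-closed parse: reject any DOCTYPE (the usual XXE mitigation) and return
    the root element name of an accepted body."""
    root = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DoctypeRejected("DOCTYPE %s not allowed in request body" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: root.append(name) if not root else None
    parser.Parse(xml_body, True)
    return root[0]


def rejects_dtd(xml_body: bytes) -> bool:
    """True when the fail-closed parser refuses the body."""
    try:
        parse_root_without_dtd(xml_body)
    except DoctypeRejected:
        return True
    return False
```

The triage function is meant for bodies captured by a proxy or WAF; the fail-closed parser illustrates the setting application code should carry, since an internal-only DTD (the second sample) is harmless to the triage check but still refused.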

Patches for the security defect were included in GeoServer version 2.28.1, which was announced on November 25. The update also addressed a medium-severity XSS vulnerability in the application (tracked as CVE-2025-21621).

Packages impacted by the issue include docker.osgeo.org/geoserver, org.geoserver.web:gs-web-app (Maven), and org.geoserver:gs-wms (Maven), which should be updated to versions 2.25.6, 2.26.3, or 2.27.0.

On Thursday, CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) list, without providing details on the observed in-the-wild exploitation.

However, based on advisories from cybersecurity firm Wiz and the Canadian Cyber Centre, an exploit for the bug has existed since late November.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify and patch vulnerable GeoServer instances within their environments.

It’s worth noting that CVE-2025-58360 is the third exploited GeoServer vulnerability documented by CISA this year. In June, it warned of CVE-2022-24816’s exploitation, and in July it warned that CVE-2024-36401 had been targeted in attacks.

In September, CISA revealed that, four days before its July alert, a threat actor exploited the year-old GeoServer defect to compromise a federal agency.

Related: Unpatched Gogs Zero-Day Exploited for Months

Related: Google Patches Mysterious Chrome Zero-Day Exploited in the Wild

Related: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Related: Android Zero-Days Patched in December 2025 Security Update

Tags: Attacks, Exploited, GeoServer, Vulnerability
