An pressing warning a few important safety flaw in OSGeo GeoServer, a extensively used open-source geographic data-sharing server.
CISA has added the vulnerability to its Recognized Exploited Vulnerabilities (KEV) catalog, indicating that risk actors are actively leveraging this zero-day flaw in assaults focusing on each private and non-private sectors.
The newly disclosed vulnerability, tracked as CVE-2025-58360, is assessed as an Improper Restriction of XML Exterior Entity (XXE) Reference.
This safety hole exists throughout the software’s dealing with of XML enter. Particularly involving the /geoserver/wms endpoint throughout GetMap operations.
FieldDetailsCVE IDCVE-2025-58360NameOSGeo GeoServer XXE VulnerabilityDescriptionXML enter in /geoserver/wms GetMap is just not correctly restricted, permitting exterior XML entities.Associated CWECWE-611ActionApply vendor fixes, observe BOD 22-01 for cloud companies, or cease utilizing the product.
Safety researchers have decided that the software program fails to limit exterior entities in XML requests correctly.
By exploiting this weak spot, distant attackers can outline malicious exterior entities of their requests. Profitable exploitation might enable unauthorized actors to view recordsdata on the server.
Work together with backend or exterior programs (Server-Aspect Request Forgery), or trigger denial-of-service situations.
The affirmation of energetic exploitation prompted CISA to intervene, requiring federal civilian govt department (FCEB) businesses to instantly safe their programs.
In accordance with Binding Operational Directive (BOD) 22-01, CISA has mandated that each one FCEB businesses should determine and mitigate this vulnerability by January 1, 2026.
Whereas the mandate applies solely to federal businesses, CISA strongly urges all organizations that use OSGeo GeoServer to prioritize this replace.
The brief remediation window displays the severity of the risk and the energetic nature of present campaigns. Directors are suggested to use the related vendor mitigations instantly.
If patches are usually not but out there for particular configurations, organizations ought to observe CISA’s steering for cloud companies. Take into account quickly discontinuing the usage of the affected product till it may be secured.
Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.
