Recent GeoServer Vulnerability Exploited in Attacks

Posted on December 12, 2025 By CWS

The US cybersecurity agency CISA on Thursday warned that threat actors have been exploiting a recent OSGeo GeoServer vulnerability in attacks.

Tracked as CVE-2025-58360 (CVSS score of 9.8), the critical-severity bug is described as an XML External Entity (XXE) issue that could allow attackers to access arbitrary files, conduct SSRF attacks, or cause denial-of-service (DoS) conditions.

“The application accepts XML input via a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request,” GeoServer’s maintainers said last month.
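The defect class the maintainers describe, shown as an added example (this is not GeoServer's code, and GeoServer itself is a Java application; the request bodies below are constructed for illustration and are not real WMS or SLD request formats). An unrestricted parser honours the DOCTYPE and entity declarations that arrive inside the request, so its entity resolver is handed whatever file path or URL the attacker named, which is the file-read and SSRF reach of an XXE, and internal entities are expanded into the document, which is the DoS angle. A parser that refuses any DOCTYPE never gets that far. On a Java XML parser the same policy is the `http://apache.org/xml/features/disallow-doctype-decl` feature.

```python
"""Added example (not GeoServer project code): why a parser that honours
attacker-supplied DOCTYPE/ENTITY declarations is an XXE/SSRF/DoS risk, and
the minimal hardening that closes the whole class: refuse any DOCTYPE.

Sample request bodies are constructed for illustration; they are not real
GeoServer WMS/SLD request formats.
"""
import xml.parsers.expat as expat


class RejectedXML(Exception):
    """Raised by the hardened parser when the input carries a DOCTYPE."""


# --- constructed sample bodies -------------------------------------------
BENIGN = b"""<?xml version="1.0"?>
<Request><Layer>roads</Layer></Request>"""

# Internal entity: expanded into the document by any unrestricted parser
# (chained internal entities are the "billion laughs" DoS pattern).
INTERNAL_ENTITY = b"""<?xml version="1.0"?>
<!DOCTYPE Request [ <!ENTITY layer "roads"> ]>
<Request><Layer>&layer;</Layer></Request>"""

# External entity pointing at a local file (classic XXE file read).
EXTERNAL_FILE = b"""<?xml version="1.0"?>
<!DOCTYPE Request [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<Request><Layer>&xxe;</Layer></Request>"""

# External entity pointing at an internal URL (XXE used for SSRF).
EXTERNAL_URL = b"""<?xml version="1.0"?>
<!DOCTYPE Request [ <!ENTITY ssrf SYSTEM "http://10.0.0.5:8080/admin"> ]>
<Request><Layer>&ssrf;</Layer></Request>"""


def parse_unrestricted(body: bytes) -> dict:
    """Parse the way a parser that accepts DOCTYPE and entities does.

    Instead of actually fetching external entities, the resolver callback
    records every URI the parser *would* have fetched. That list is exactly
    the attacker-controlled file/URL reach an XXE hands to the application.
    """
    text, would_fetch = [], []
    p = expat.ParserCreate()
    p.CharacterDataHandler = text.append

    def on_external_ref(context, base, system_id, public_id):
        would_fetch.append(system_id)
        return 1  # non-zero = keep parsing; a real resolver would open system_id

    p.ExternalEntityRefHandler = on_external_ref
    p.Parse(body, True)
    return {"text": "".join(text), "would_fetch": would_fetch}


def parse_hardened(body: bytes) -> str:
    """Reject any DOCTYPE before a single entity can be declared.

    No DOCTYPE means no internal entities (expansion DoS), no external
    entities (file read / SSRF) and no parameter entities. This mirrors the
    Java "disallow-doctype-decl" parser feature.
    """
    text = []
    p = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Raising inside the handler aborts Parse() before any entity is seen.
        raise RejectedXML(f"DOCTYPE for {name!r} not allowed in request body")

    p.StartDoctypeDeclHandler = on_doctype
    p.CharacterDataHandler = text.append
    p.Parse(body, True)
    return "".join(text)


if __name__ == "__main__":
    samples = [("benign", BENIGN), ("internal", INTERNAL_ENTITY),
               ("file", EXTERNAL_FILE), ("url", EXTERNAL_URL)]
    for label, body in samples:
        print(f"{label:8} unrestricted: {parse_unrestricted(body)}")
        try:
            print(f"{label:8} hardened:     text={parse_hardened(body)!r}")
        except RejectedXML as exc:
            print(f"{label:8} hardened:     rejected ({exc})")
```

Running the script shows the unrestricted parser reporting `file:///etc/passwd` and `http://10.0.0.5:8080/admin` as URIs it would resolve, while the hardened parser accepts only the body without a DOCTYPE. Rejecting DOCTYPE outright is simpler and safer than trying to allow "harmless" entity declarations, because parameter entities and nested expansions make a selective filter hard to get right.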

Patches for the security defect were included in GeoServer version 2.28.1, which was announced on November 25. The update also addressed a medium-severity XSS vulnerability in the application (tracked as CVE-2025-21621).

Packages impacted by the issue include docker.osgeo.org/geoserver, org.geoserver.web:gs-web-app (Maven), and org.geoserver:gs-wms (Maven), which should be updated to versions 2.25.6, 2.26.3, or 2.27.0.

On Thursday, CISA added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) list, without providing details on the observed in-the-wild exploitation.

However, based on advisories from cybersecurity firm Wiz and the Canadian Cyber Centre, an exploit for the bug has existed since late November.

Per Binding Operational Directive (BOD) 22-01, federal agencies have three weeks to identify and patch vulnerable GeoServer instances within their environments.

It’s worth noting that CVE-2025-58360 is the third exploited GeoServer vulnerability documented by CISA this year. In June, it warned of CVE-2022-24816’s exploitation and in July it warned that CVE-2024-36401 had been targeted in attacks.

In September, CISA revealed that, four days before its July alert, a threat actor exploited the year-old GeoServer defect to compromise a federal agency.

Security Week News. Tags: Attacks, Exploited, GeoServer, Vulnerability