CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

Posted on By CWS

Dec 12, 2025Ravie LakshmananVulnerability / Server Safety
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Thursday added a high-severity safety flaw impacting OSGeo GeoServer to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of lively exploitation within the wild.
The vulnerability in query is CVE-2025-58360 (CVSS rating: 8.2), an unauthenticated XML Exterior Entity (XXE) flaw that impacts all variations previous to and together with 2.25.5, and from variations 2.26.0 by way of 2.26.1. It has been patched in variations 2.25.6, 2.26.2, 2.27.0, 2.28.0, and a couple of.28.1. Synthetic intelligence (AI)-powered vulnerability discovery platform XBOW has been acknowledged for reporting the difficulty.
“OSGeo GeoServer comprises an improper restriction of XML exterior entity reference vulnerability that happens when the appliance accepts XML enter by way of a particular endpoint /geoserver/wms operation GetMap and will enable an attacker to outline exterior entities throughout the XML request,” CISA stated.

The next packages are affected by the flaw –

docker.osgeo.org/geoserver
org.geoserver.internet:gs-web-app (Maven)
org.geoserver:gs-wms (Maven)

Profitable exploitation of the vulnerability may enable an attacker to entry arbitrary information from the server’s file system, conduct Server-Facet Request Forgery (SSRF) to work together with inside techniques, or launch a denial-of-service (DoS) assault by exhausting sources, the maintainers of the open-source software program stated in an alert printed late final month.
There are at present no particulars obtainable on how the safety defect is being abused in real-world assaults. Nonetheless, a bulletin from the Canadian Centre for Cyber Safety on November 28, 2025, stated “an exploit for CVE-2025-58360 exists within the wild.”
It is price noting that one other essential flaw in the identical software program (CVE-2024-36401, CVSS rating: 9.8) has been exploited by a number of risk actors over the previous yr. Federal Civilian Government Department (FCEB) businesses are suggested to use the required fixes by January 1, 2026, to safe their networks.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation The Hacker News
CISA Highlights Six Exploited Flaws in Major Software CISA Highlights Six Exploited Flaws in Major Software The Hacker News
NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers The Hacker News
iOS 26.5 Launches Default E2E Encrypted RCS Messaging iOS 26.5 Launches Default E2E Encrypted RCS Messaging The Hacker News
PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse The Hacker News
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes The Hacker News