XML External Entity Flaw in GeoServer by OSGeo
CVE-2025-58360

8.2 HIGH

Key Information:

Vendor

Geoserver

Status
Vendor
CVE Published:
25 November 2025

Badges

Trended | Score: 2,640 | Exploit Exists | Public PoC | EPSS 71% | CISA Reported | News Worthy

What is CVE-2025-58360?

CVE-2025-58360 is a vulnerability affecting GeoServer, an open-source server for sharing and editing geospatial data. The issue is an XML External Entity (XXE) flaw that affects GeoServer versions from 2.26.0 up to (but not including) 2.26.2, and versions before 2.25.6. It allows an attacker to send specially crafted XML input to the server's /geoserver/wms GetMap operation endpoint. Because this input is insufficiently sanitized, an attacker could include external entity declarations in the XML request, potentially leading to unauthorized data access or other malicious outcomes. GeoServer has addressed this vulnerability in later versions, specifically 2.25.6, 2.26.3, and 2.27.0.

Potential Impact of CVE-2025-58360

  1. Data Leakage: The primary risk associated with CVE-2025-58360 is the potential for unauthorized access to sensitive geospatial data. Exploiting the XXE vulnerability could allow attackers to retrieve arbitrary files from the server, leading to information disclosure.

  2. Denial of Service: Through specially crafted XML payloads, an attacker could trigger denial of service scenarios by overloading the server or causing it to crash, thereby disrupting services that depend on GeoServer for geospatial data access.

  3. Increased Attack Surface: The presence of this vulnerability may create opportunities for further exploitation of the system, as attackers could use initial access gained via the XXE flaw to explore and compromise additional services or databases linked to the GeoServer instance.
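The root cause described above, and both the data-leakage and denial-of-service impacts listed here, come down to a parser that honours DOCTYPE and entity declarations in request bodies it never needed to accept. The following is an added defensive example (not GeoServer code and not from the advisory) showing the two controls a practitioner would put in front of such an endpoint: reject any request body that carries a DOCTYPE or ENTITY declaration before it reaches the parser, and parse what remains with external entity resolution explicitly disabled. The request bodies, the element names and the file path in the rejected sample are constructed placeholders; the check decodes UTF-16 bodies first so that a byte-level match cannot be bypassed by an encoding change.

```python
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed benign WMS-style GetMap body (layer name is made up).
BENIGN_GETMAP = b"""<?xml version="1.0" encoding="UTF-8"?>
<GetMap version="1.1.1" service="WMS">
  <Layers><Layer><Name>example:layer</Name></Layer></Layers>
</GetMap>"""

# Constructed body carrying a DOCTYPE with an external entity; the path is a placeholder.
DOCTYPE_GETMAP = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE GetMap [ <!ENTITY ext SYSTEM "file:///placeholder/not-a-real-path"> ]>
<GetMap version="1.1.1" service="WMS">
  <Layers><Layer><Name>&ext;</Name></Layer></Layers>
</GetMap>"""

# XML keywords are case-sensitive, but matching case-insensitively costs nothing.
_DOCTYPE_RE = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def _to_text(body) -> str:
    """Decode the body before inspection so a UTF-16 body cannot slip past a byte-level check."""
    if isinstance(body, str):
        return body
    if body[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return body.decode("utf-16")
    return body.decode("utf-8", errors="replace")


def has_doctype(body) -> bool:
    """True if the body declares a DOCTYPE or ENTITY; a GetMap request never needs either."""
    return _DOCTYPE_RE.search(_to_text(body)) is not None


class _LayerNames(ContentHandler):
    """Collect the text of every <Name> element from a GetMap body."""

    def __init__(self):
        super().__init__()
        self.names = []
        self._in_name = False
        self._buf = []

    def startElement(self, name, attrs):
        if name == "Name":
            self._in_name, self._buf = True, []

    def characters(self, content):
        # expat may deliver one text node in several chunks; buffer them.
        if self._in_name:
            self._buf.append(content)

    def endElement(self, name):
        if name == "Name":
            self.names.append("".join(self._buf).strip())
            self._in_name = False


def parse_getmap_layers(body) -> list:
    """Gate on DOCTYPE/ENTITY first, then parse with external entity resolution disabled."""
    if has_doctype(body):
        raise ValueError("rejected: DOCTYPE/ENTITY declaration in request body")
    data = body.encode("utf-8") if isinstance(body, str) else body
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # no external general entities
    parser.setFeature(feature_external_pes, False)  # no external parameter entities
    handler = _LayerNames()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return handler.names


def is_rejected(body) -> bool:
    """Convenience wrapper: True when the request is refused by the gate."""
    try:
        parse_getmap_layers(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("benign layers:", parse_getmap_layers(BENIGN_GETMAP))
    print("doctype body rejected:", is_rejected(DOCTYPE_GETMAP))
    print("utf-16 doctype body rejected:", is_rejected(DOCTYPE_GETMAP.decode().encode("utf-16")))
```

Rejecting the DOCTYPE outright, rather than only disabling external entities, also removes the internal entity-expansion route to the denial-of-service impact above, and the rejection is a cheap, high-signal event to log and alert on at the WMS endpoint.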

CISA has reported CVE-2025-58360

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-58360 as being exploited, though it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

geoserver >= 2.26.0, < 2.26.2

geoserver < 2.25.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks.

1 week ago

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected systems.

1 week ago

References

EPSS Score

71% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by The Hacker News

  • CISA Reported

  • Vulnerability started trending

  • Public PoC available

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
