dark
Hand-Picked Top-Read Stories
Trending Tags
2 minute read

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

info@thehackernews.com (The Hacker News)
December 12, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
Total
0
Shares
0
0
0
[[{“value”:”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to and including 2.25.5, and from versions 2.26.0 through 2.26.1. It has been patched in versions 2.25.6, 2.26.2, 2.27.0, 2.28.0, and 2.28.1. Artificial intelligence (AI)-powered vulnerability discovery platform XBOW has been acknowledged for reporting the issue.

“OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request,” CISA said.

Cybersecurity

The following packages are affected by the flaw –

  • docker.osgeo.org/geoserver
  • org.geoserver.web:gs-web-app (Maven)
  • org.geoserver:gs-wms (Maven)

Successful exploitation of the vulnerability could allow an attacker to access arbitrary files from the server’s file system, conduct Server-Side Request Forgery (SSRF) to interact with internal systems, or launch a denial-of-service (DoS) attack by exhausting resources, the maintainers of the open-source software said in an alert published late last month.

There are currently no details available on how the security defect is being abused in real-world attacks. However, a bulletin from the Canadian Centre for Cyber Security on November 28, 2025, said “an exploit for CVE-2025-58360 exists in the wild.”

It’s worth noting that another critical flaw in the same software (CVE-2024-36401, CVSS score: 9.8) has been exploited by multiple threat actors over the past year. Federal Civilian Executive Branch (FCEB) agencies are advised to apply the required fixes by January 1, 2026, to secure their networks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Share 0
Tweet 0
Share 0
Share 0
Share 0
Previous Post

Federal agencies now only have one more day to patch React2Shell bug

December 11, 2025
Next Post

React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation

December 12, 2025
Related Posts
4 min

Enterprise Credentials at Risk – Same Old, Same Old?

Imagine this: Sarah from accounting gets what looks like a routine password reset email from your organization’s cloud provider. She clicks the link, types in her credentials, and goes back to her spreadsheet. But unknown to her, she’s just made a big mistake. Sarah just accidentally handed over her login details to cybercriminals who are laughing all the way to their dark web
info@thehackernews.com (The Hacker News)
November 7, 2025
Read More
3 min

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple's equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices. The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad, and macOS devices, with plans to expand
info@thehackernews.com (The Hacker News)
November 21, 2025
Read More