
Recent GeoServer Vulnerability Exploited in Attacks


Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.

The US cybersecurity agency CISA on Thursday warned that threat actors have been exploiting a recent OSGeo GeoServer vulnerability in attacks.

Tracked as CVE-2025-58360 (CVSS score of 9.8), the critical-severity bug is described as an XML External Entity (XXE) issue that could allow attackers to access arbitrary files, conduct SSRF attacks, or cause denial-of-service (DoS) conditions.

“The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request,” GeoServer’s maintainers said last month.
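The class of bug described above, an XML endpoint that lets the client bring its own entity definitions, is usually closed by parsing with every DTD-related feature disabled. As an added, defender-side example (not GeoServer's own code and independent of its patch), the Python function below parses an untrusted request body with `xml.parsers.expat` and refuses any DOCTYPE, entity declaration or external entity reference before the document is handed to the application; the function names and the sample bodies are constructed for illustration.

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET


class UnsafeXml(ValueError):
    """The body contains a DTD, an entity declaration or an external entity."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse client-supplied XML, refusing everything an XXE payload relies on.
    Any DTD at all is rejected: even without external entities it can carry
    internal entity expansion and parameter entities."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE declaration refused (root={name!r})")

    def reject_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXml(f"entity declaration refused ({name!r})")

    def reject_external_entity(context, base, sysid, pubid):
        raise UnsafeXml(f"external entity reference refused ({sysid!r})")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_entity
    # Feed the remaining events into a normal ElementTree builder.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # an exception raised in a handler propagates here
    return builder.close()


def wms_body_is_safe(data: bytes) -> bool:
    """Gatekeeper for a request filter placed in front of an XML-accepting endpoint."""
    try:
        parse_untrusted_xml(data)
    except (UnsafeXml, expat.ExpatError):
        return False  # malformed XML is refused as well
    return True


# Constructed sample bodies (not real GeoServer traffic).
BENIGN_BODY = b'<?xml version="1.0"?><GetMap version="1.3.0"><Layers>roads</Layers></GetMap>'
DTD_BODY = (b'<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY ext SYSTEM "file:///constructed/example">]>'
            b'<GetMap>&ext;</GetMap>')
```

Expat only fetches external entities when a handler is installed, so the DOCTYPE and entity-declaration handlers are what actually close the door; the external-entity handler is defence in depth.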

Patches for the security defect were included in GeoServer version 2.28.1, which was announced on November 25. The update also addressed a medium-severity XSS vulnerability in the application (tracked as CVE-2025-21621).

Packages ...


Copyright of this story solely belongs to SecurityWeek.