AI description
CVE-2025-58360 is an XML External Entity (XXE) vulnerability found in GeoServer. The application improperly sanitizes XML input at the `/geoserver/wms` endpoint, specifically within the `GetMap` operation. This allows an attacker to define external entities within an XML request. By exploiting this vulnerability, an attacker can read arbitrary files from the server's file system and conduct Server-Side Request Forgery (SSRF) to interact with internal systems. GeoServer versions before 2.25.6, versions 2.26.0 to before 2.26.3, and versions before 2.27.0 are affected. Users are advised to update to GeoServer 2.25.6, 2.26.3, or 2.27.0 to remediate the vulnerability.
- Description: GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint `/geoserver/wms`, operation `GetMap`. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
- Source: security-advisories@github.com
- NVD status: Analyzed
- Products: geoserver
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
- Exploit added on: Dec 11, 2025
- Exploit action due: Jan 1, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Source: security-advisories@github.com
- CWE: CWE-611
- Hype score: Not currently trending
Another week, another Recent Threat 😉 Say hello to GeoServer: CVE-2025-58360 👋 Because “it’s just XML” has never ended badly before. Break it, exploit it, then learn how to actually stop it. 🔗 Train on the real exploit https://t.co/YQHgtSphhU https://t.co/V6mwWO
@tryhackme, 26 Jan 2026: 50 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes
SECURITY ALERT: CVE-2025-58360 Exploit Fix & Mitigation Guide Read more: https://t.co/7EJ9AfpxxM #Cybersecurity #CVE https://t.co/Y7GqcuiODr
@SecReportCVE, 24 Dec 2025: 44 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes
CVE-2025-58360 - OSGeo GeoServer XML External Entity (XXE) vulnerability https://t.co/gd5K8oJyu5 https://t.co/Hh2EQSsaDk
@SirajD_Official, 22 Dec 2025: 45 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
🚨 OSGeo GeoServer - Dec 20, 2025 Critical Security Advisory: Actively Exploited XML External Entity (XXE) Vulnerability (CVE-2025-58360) – Patch Urgently Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 https://t.co/HSC6YyIuqt
@transilienceai, 20 Dec 2025: 49 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
KeysGuard Night Owl roll-forward (Dec 16–18, 2025): Global cyber risk remains HIGH as active exploitation continues around React2Shell (CVE-2025-55182) and GeoServer XXE (CVE-2025-58360). Edge + MANAGEMENT pressure and much MORE! https://t.co/XSx2TgLJI5
@KeysGuardX, 19 Dec 2025: 75 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes
CVE-2025-58360 - OSGeo GeoServer XML External Entity (XXE) vulnerability https://t.co/y9SUdfrwmG https://t.co/CPEIjoIc3q
@PhotoZel, 18 Dec 2025: 6 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
CVE-2025-58360 - OSGeo GeoServer XML External Entity (XXE) vulnerability https://t.co/ibuvzYzy67 https://t.co/wnK4PyXiPk
@CloudVirtues, 18 Dec 2025: 9 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes
📢 CISA KEV ALERT: Federal agencies ordered to patch critical GeoServer XXE vulnerability (CVE-2025-58360) by Jan 1. The flaw is actively exploited, allowing remote file theft & SSRF. All orgs using GeoServer must patch NOW! ⚠️ #CyberSecurity #KEV #... 🔗 https://t.c
@NetSecIO, 16 Dec 2025: 18 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
#CISA has added an actively exploited #GeoServer XXE flaw (CVE-2025-58360) to its KEV catalog. If you run GeoServer, patch now (2.25.6, 2.26.2, 2.27.0, 2.28.0, or 2.28.1) and review logs for suspicious activity. Details via @TheHackersNews: https://t.co/oUdNtfaoGU #Cybersecurity
@GetTCT, 15 Dec 2025: 5 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
🚨 OSGeo GeoServer - Dec 13, 2025 Comprehensive security advisory detailing recent critical vulnerabilities, vendor response, exploitation status, risk analysis, and robust mitigation strategies for OSGeo GeoServer, including the actively exploited CVE-2025-58360 and the..
@transilienceai, 13 Dec 2025: 61 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
🚨 Critical vulnerability in #GeoServer, an open source geospatial data server. From the @AndaluciaJunta SOC we report that vulnerability CVE-2025-58360 is being exploited. 🔧 Update to versions 2.25.6 / 2.26.2+ / 2.27.0! 📩 https://t.co/PzV8
@CentroCiberAND, 12 Dec 2025: 70 impressions, 0 retweets, 2 likes, 0 bookmarks, 0 replies, 0 quotes
CISA adds serious GeoServer flaw to the KEV list: XXE vulnerability CVE-2025-58360 in OSGeo GeoServer versions allows file access, SSRF and DoS, with active exploits and urgent fixes recommended by January 2026 to avoid critical risks. https://t.co/DZ
@caveiratech, 12 Dec 2025: 34 impressions, 0 retweets, 1 like, 0 bookmarks, 0 replies, 0 quotes
CISA warns critical XXE flaw CVE-2025-58360 in OSGeo GeoServer is under active exploitation, allowing external entity injection via unsanitized XML input. Patch or mitigate now. #Vulnerability https://t.co/vraqX3ihUZ
@threatcluster, 12 Dec 2025: 32 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
US CISA warns of active exploitation of GeoServer vulnerability CVE-2025-58360 (CVSS 9.8) enabling SSRF, DoS, and data breaches. Patch 2.28.1 released Nov 25. Added to Known Exploited Vulnerabilities list. #GeoServerRisk #USCyber #DataBreach https://t.co/KTo5xvMxgx
@TweetThreatNews, 12 Dec 2025: 3 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
CISA has mandated U.S. federal agencies to address a critical vulnerability in GeoServer, tracked as CVE-2025-58360, which is being exploited in XML External Entity (XXE) attacks. This flaw affects GeoServer versions 2.26.1 and earlier, allowing unauthorized access to sensitive
@Securityish, 12 Dec 2025: 50 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
🚨 New plugin: GeoserverXxePlugin (CVE-2025-58360). GeoServer XXE vulnerability detection - XML External Entity injection in WMS GetMap operation, added to CISA KEV catalog. Results: https://t.co/7ByROrGOIB https://t.co/deLnVFtnh9
@leak_ix, 12 Dec 2025: 955 impressions, 2 retweets, 6 likes, 3 bookmarks, 0 replies, 0 quotes
Actively exploited GeoServer XXE flaw (CVE-2025-58360) flagged by CISA & added to KEV catalog. Update now! 💥 https://t.co/BgpTRKHH3t #CISA #GeoServer #XXE #Vulnerability #Cybersecurity
@0xT3chn0m4nc3r, 12 Dec 2025: 10 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
📌 The US Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security vulnerability in the OSGeo GeoServer system to the Known Exploited Vulnerabilities (KEV) catalog, based on
@Cybercachear, 12 Dec 2025: 57 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
🚨 CISA just confirmed active exploitation of a new GeoServer flaw (CVE-2025-58360). It’s unauthenticated — the /geoserver/wms endpoint can be abused to access files or hit internal systems if not patched. 🔗 Read: https://t.co/43GS9KssDY
@TheHackersNews, 12 Dec 2025: 10333 impressions, 32 retweets, 72 likes, 11 bookmarks, 2 replies, 1 quote
Find out everything about CVE-2025-58360 and its impact on security. More info here: https://t.co/4yUdS1k4iN #Ciberseguridad #Vulnerabilidades
@AlejosAngel, 8 Dec 2025: 8 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
GeoServer has a high-severity XXE bug (CVE-2025-58360). No login needed. Attackers can read files or trigger SSRF through the WMS endpoint. POCs are already on GitHub. Update to 2.25.6, 2.26.3, or 2.27.0. If you expose port 8080 https://t.co/BeKLrESH05
@TheHackerWire, 1 Dec 2025: 26 impressions, 0 retweets, 0 likes, 0 bookmarks, 1 reply, 0 quotes
High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF https://t.co/wmaPlNcF6Q
@CrowdCyber_Com, 1 Dec 2025: 4 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
Flaw in Geospatial Servers (CVE-2025-58360) Lets Hackers Steal Credentials and Bypass Firewalls. Read the full report on - https://t.co/2JTQaE9cXI https://t.co/lorWwnlxZX
@cyberbivash, 1 Dec 2025: 2 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
GeoServer patched a High-severity XXE flaw (CVE-2025-58360, CVSS 8.2) in its WMS GetMap operation. The flaw allows unauthenticated remote attackers to read arbitrary files and perform SSRF. Update to v2.27.0. #GeoServer #XXE #Cybersecurity #PatchNow https://t.co/9VscCRIvFN
@the_yellow_fall, 1 Dec 2025: 120 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
A serious vulnerability that allows unauthenticated attacks has been discovered in GeoServer. If exploited, this vulnerability could lead to the theft of sensitive files or server crashes, making it urgent for system administrators handling geospatial data
@yousukezan, 1 Dec 2025: 1067 impressions, 0 retweets, 2 likes, 0 bookmarks, 0 replies, 0 quotes
CVE-2025-58360: GeoServer XXE Vulnerability Analysis https://t.co/z7DU5IpQv8
@_r_netsec, 28 Nov 2025: 1217 impressions, 3 retweets, 10 likes, 4 bookmarks, 0 replies, 0 quotes
CVE-2025-58360 (An XXE vulnerability in GeoServer) was detected using XBOW. We break down the details here: https://t.co/xCzlZOou4L
@HelixGuard_AI, 28 Nov 2025: 33 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
POC for CVE-2025-58360 · GitHub - https://t.co/uyEvWnEhGA
@piedpiper1616, 27 Nov 2025: 6563 impressions, 8 retweets, 55 likes, 41 bookmarks, 0 replies, 0 quotes
⚠️⚠️ CVE-2025-58360: Unauthenticated XML External Entities (XXE) via WMS GetMap operation 🔗FOFA Link: https://t.co/sN3KHnlshQ 🎯24k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="GeoServer" 🔖Refer: https://t.co/7qSRWeYJb3 #OSINT #F
@fofabot, 26 Nov 2025: 1429 impressions, 4 retweets, 19 likes, 2 bookmarks, 0 replies, 1 quote
🚨Alert🚨:CVE-2025-58360:XML External Entity Vulnerability in GeoServer WMS GetMap Operation 📊51.7K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/0Qu4uLnPo6 👇Query HUNTER : https://t.co/q9rtuGfZuz="GeoServer" https://t.co/pTNTZQe
@HunterMapping, 26 Nov 2025: 4605 impressions, 14 retweets, 63 likes, 28 bookmarks, 1 reply, 0 quotes
CVE-2025-58360 XML External Entity Vulnerability in GeoServer WMS GetMap Operation https://t.co/VneH9geBVh
@VulmonFeeds, 25 Nov 2025: 10 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
CVE-2025-58360 GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity… https://t.co/MK1zlTIa8X
@CVEnew, 25 Nov 2025: 286 impressions, 0 retweets, 0 likes, 0 bookmarks, 0 replies, 0 quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929A415A-3926-49DE-855E-9363B5E495D3",
            "versionEndExcluding": "2.25.6"
          },
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58DCFD5D-914E-442F-AD07-C019C3BDDB2A",
            "versionEndExcluding": "2.26.2",
            "versionStartIncluding": "2.26.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]