AI description
CVE-2025-58360 is an XML External Entity (XXE) vulnerability found in GeoServer. The application improperly sanitizes XML input at the `/geoserver/wms` endpoint, specifically within the `GetMap` operation. This allows an attacker to define external entities within an XML request. By exploiting this vulnerability, an attacker can read arbitrary files from the server's file system and conduct Server-Side Request Forgery (SSRF) to interact with internal systems. GeoServer versions before 2.25.6, versions 2.26.0 to before 2.26.3, and versions before 2.27.0 are affected. Users are advised to update to GeoServer 2.25.6, 2.26.3, or 2.27.0 to remediate the vulnerability.
- Description
- GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through the /geoserver/wms endpoint (GetMap operation). However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- geoserver
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-611
- Hype score
- Not currently trending
GeoServer has a high-severity XXE bug (CVE-2025-58360). No login needed. Attackers can read files or trigger SSRF through the WMS endpoint. POCs are already on GitHub. Update to 2.25.6, 2.26.3, or 2.27.0. If you expose port 8080 https://t.co/BeKLrESH05
@TheHackerWire
1 Dec 2025
High-Severity GeoServer Flaw (CVE-2025-58360) Allows Unauthenticated XXE for File Theft and SSRF https://t.co/wmaPlNcF6Q
@CrowdCyber_Com
1 Dec 2025
Flaw in Geospatial Servers (CVE-2025-58360) Lets Hackers Steal Credentials and Bypass Firewalls. Read the full report on - https://t.co/2JTQaE9cXI https://t.co/lorWwnlxZX
@Iambivash007
1 Dec 2025
GeoServer patched a High-severity XXE flaw (CVE-2025-58360, CVSS 8.2) in its WMS GetMap operation. The flaw allows unauthenticated remote attackers to read arbitrary files and perform SSRF. Update to v2.27.0. #GeoServer #XXE #Cybersecurity #PatchNow https://t.co/9VscCRIvFN
@the_yellow_fall
1 Dec 2025
A serious vulnerability that allows unauthenticated attacks has been discovered in GeoServer. If exploited, this vulnerability could lead to the theft of sensitive files or server crashes, and for system administrators handling geospatial data it is urgent
@yousukezan
1 Dec 2025
CVE-2025-58360: GeoServer XXE Vulnerability Analysis https://t.co/z7DU5IpQv8
@_r_netsec
28 Nov 2025
CVE-2025-58360 (An XXE vulnerability in GeoServer) was detected using XBOW. We break down the details here: https://t.co/xCzlZOou4L
@HelixGuard_AI
28 Nov 2025
POC for CVE-2025-58360 · GitHub - https://t.co/uyEvWnEhGA
@piedpiper1616
27 Nov 2025
⚠️⚠️ CVE-2025-58360: Unauthenticated XML External Entities (XXE) via WMS GetMap operation 🔗FOFA Link: https://t.co/sN3KHnlshQ 🎯24k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="GeoServer" 🔖Refer: https://t.co/7qSRWeYJb3 #OSINT #F
@fofabot
26 Nov 2025
🚨Alert🚨:CVE-2025-58360:XML External Entity Vulnerability in GeoServer WMS GetMap Operation 📊51.7K Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/0Qu4uLnPo6 👇Query HUNTER : https://t.co/q9rtuGfZuz="GeoServer" https://t.co/pTNTZQe
@HunterMapping
26 Nov 2025
CVE-2025-58360 XML External Entity Vulnerability in GeoServer WMS GetMap Operation https://t.co/VneH9geBVh
@VulmonFeeds
25 Nov 2025
CVE-2025-58360 GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity… https://t.co/MK1zlTIa8X
@CVEnew
25 Nov 2025
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929A415A-3926-49DE-855E-9363B5E495D3",
            "versionEndExcluding": "2.25.6"
          },
          {
            "criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58DCFD5D-914E-442F-AD07-C019C3BDDB2A",
            "versionEndExcluding": "2.26.2",
            "versionStartIncluding": "2.26.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
```
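As an added example (not code from this page or from the GeoServer project), the script below evaluates an installed GeoServer version against the NVD CPE match record above, so a defender can confirm whether a deployment falls inside the affected ranges before scheduling the upgrade to 2.25.6, 2.26.3 or 2.27.0. It follows the record as given, whose second range ends before 2.26.2 even though the descriptions above name 2.26.3 as the patched release, so treat the ranges as data to adjust; the way pre-release suffixes such as `-RC` are ignored is an assumption of this example, not NVD semantics.

```python
"""Evaluate a GeoServer version against the NVD CPE match data for CVE-2025-58360."""
import re

# Constructed, compacted copy of the NVD configuration record shown on this page.
NVD_CONFIGURATIONS = [{"nodes": [{"negate": False, "operator": "OR", "cpeMatch": [
    {"criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "vulnerable": True,
     "versionEndExcluding": "2.25.6"},
    {"criteria": "cpe:2.3:a:geoserver:geoserver:*:*:*:*:*:*:*:*", "vulnerable": True,
     "versionStartIncluding": "2.26.0", "versionEndExcluding": "2.26.2"},
]}]}]


def parse_version(version: str) -> tuple:
    """Turn '2.26.1' (or '2.26.1-RC', '2.26-SNAPSHOT') into a comparable 3-tuple.
    Pre-release suffixes are dropped before comparing (assumption of this example)."""
    core = re.match(r"[0-9.]+", version.strip())
    if not core:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in core.group(0).split(".") if p]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def cpe_product(criteria: str) -> str:
    """Field 4 of a CPE 2.3 string ('cpe:2.3:a:vendor:product:...') is the product."""
    return criteria.split(":")[4]


def match_applies(version: str, match: dict) -> bool:
    """Apply the versionStartIncluding / versionEndExcluding bounds of one cpeMatch."""
    v = parse_version(version)
    start = match.get("versionStartIncluding")
    end = match.get("versionEndExcluding")
    if start is not None and v < parse_version(start):
        return False
    if end is not None and v >= parse_version(end):
        return False
    return True


def is_affected(product: str, version: str, configurations=NVD_CONFIGURATIONS) -> bool:
    """True if (product, version) satisfies any node: OR = any match, AND = all matches."""
    for config in configurations:
        for node in config["nodes"]:
            hits = [m["vulnerable"] and cpe_product(m["criteria"]) == product
                    and match_applies(version, m) for m in node["cpeMatch"]]
            hit = any(hits) if node["operator"] == "OR" else all(hits)
            if node.get("negate", False):
                hit = not hit
            if hit:
                return True
    return False


if __name__ == "__main__":
    for v in ("2.24.1", "2.25.5", "2.25.6", "2.26.1", "2.26.2", "2.27.0"):
        print(f"GeoServer {v}: {'AFFECTED' if is_affected('geoserver', v) else 'not in range'}")
```

The version string to feed in is the one GeoServer reports for the running instance; the example only classifies versions against the record, it sends nothing to any server.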