

Ethical Hacking News

The Critical GeoServer Vulnerability: A New Threat Looms Over Geospatial Data



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog, indicating that attackers can access internal files or trigger server-side requests by exploiting this XML External Entity (XXE) vulnerability in versions 2.26.0 to 2.26.1 and v2.25.x before 2.25.6 of GeoServer. This vulnerability comes after a previous breach of a U.S. federal civilian agency's network via an unpatched GeoServer flaw, tracked as CVE-2024-36401 (CVSS score of 9.8). Experts recommend that private organizations review the KEV catalog and address these vulnerabilities in their infrastructure to mitigate potential attacks.

  • GeoServer version 2.26.0 to 2.26.1 and v2.25.x before 2.25.6 have an XML External Entity (XXE) vulnerability, tracked as CVE-2025-58360.
  • The vulnerability carries a CVSS score of 8.2 and allows attackers to access internal files or trigger server-side requests.
  • CISA has added GeoServer to the Known Exploited Vulnerabilities (KEV) catalog due to this vulnerability.
  • An exploit for CVE-2025-58360 is currently active in the wild, according to Canada's Cyber Centre.
  • CISA orders federal agencies to fix this vulnerability by January 1st, 2026.



    GeoServer, an open-source server that allows users to share and edit geospatial data, has recently been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, tracked as CVE-2025-58360, carries a CVSS score of 8.2, indicating its potential severity.

    The identified flaw is an XML External Entity (XXE) vulnerability in the /geoserver/wms GetMap endpoint, which was present in GeoServer versions 2.26.0 to 2.26.1 and v2.25.x before 2.25.6. This means that attackers could embed external entities in requests, potentially accessing internal files or triggering server-side requests.

    According to the advisory published by CISA, "GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified." The application accepts XML input on the /geoserver/wms endpoint for the GetMap operation without sufficiently sanitizing or restricting it, which lets attackers define external entities within the XML request.
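    The defensive counterpart to the flaw described above is to refuse any document type declaration before an XML body reaches the application parser: XXE needs a DOCTYPE to declare entities, so a gatekeeper that rejects every DOCTYPE, entity declaration and external entity reference removes that input class entirely. The following is an added example, not GeoServer's code or its fix (the fix is the patched releases named above); the function names, the sample request bodies and the placeholder SYSTEM URI are all constructed for illustration.

```python
"""Gatekeeper that refuses any DTD in an XML request body before it reaches
an application parser.

Added example, not GeoServer code. Parsing is done with the standard-library
expat bindings; the sample bodies below are constructed and only loosely
shaped like a WMS request.
"""
import xml.parsers.expat
import xml.etree.ElementTree as ET


class DtdRejected(ValueError):
    """Raised when a body carries a DOCTYPE, an entity declaration or an
    external entity reference."""


def check_no_dtd(body: bytes) -> None:
    """Stream `body` through expat and fail on the first DTD construct.

    Exceptions raised in expat handlers propagate out of Parse(), so the
    first offending construct aborts the scan. Malformed XML raises
    xml.parsers.expat.ExpatError instead.
    """
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdRejected(f"DOCTYPE {name!r} not allowed")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise DtdRejected(f"entity declaration {name!r} not allowed")

    def on_external_ref(context, base, sysid, pubid):
        # expat skips external entities unless a handler loads them; a handler
        # that raises turns a silent skip into a hard rejection.
        raise DtdRejected(f"external entity reference {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(body, True)


def parse_request_body(body: bytes) -> ET.Element:
    """Gatekeeper first, then the real parse: only DTD-free bodies reach ElementTree."""
    check_no_dtd(body)
    return ET.fromstring(body)


def classify(body: bytes) -> str:
    """Return 'accepted', 'rejected-dtd' or 'malformed' for a request body.

    A reverse proxy or servlet filter would map 'rejected-dtd' to an HTTP 400
    and raise an alert, since a DOCTYPE in a WMS request is never legitimate.
    """
    try:
        parse_request_body(body)
        return "accepted"
    except DtdRejected:
        return "rejected-dtd"
    except (xml.parsers.expat.ExpatError, ET.ParseError):
        return "malformed"


# Constructed benign body in the rough shape of a GetMap request (not a real capture).
BENIGN_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<GetMap version="1.1.1"><Layers><Layer>example:layer</Layer></Layers></GetMap>"""

# Constructed body with an external entity declaration. The SYSTEM URI is a
# placeholder; the check rejects the declaration before anything is resolved.
EXTERNAL_DTD_BODY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE GetMap [ <!ENTITY ext SYSTEM "file:///placeholder/local/file"> ]>
<GetMap version="1.1.1"><Layers><Layer>&ext;</Layer></Layers></GetMap>"""

# An internal-only DTD is refused as well: the policy is "no DTD at all", which
# also covers entity-expansion (billion laughs) payloads.
INTERNAL_DTD_BODY = b"""<!DOCTYPE GetMap [ <!ENTITY v "1.1.1"> ]><GetMap version="&v;"/>"""

# Constructed malformed body (mismatched tags) to show the third outcome.
MALFORMED_BODY = b"<GetMap><Layers></GetMap>"


if __name__ == "__main__":
    for label, body in [("benign", BENIGN_BODY), ("external dtd", EXTERNAL_DTD_BODY),
                        ("internal dtd", INTERNAL_DTD_BODY), ("malformed", MALFORMED_BODY)]:
        print(f"{label:13s} -> {classify(body)}")
```

    The check runs as a separate pre-parse pass rather than as a setting on the application parser, so it holds regardless of which XML library the application later uses or how that library's defaults change between versions.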

    This vulnerability was already confirmed by Canada's Cyber Centre on November 28, 2025, indicating that an exploit is currently active in the wild. The Canadian Centre for Cyber Security published an alert stating, "Open-source reporting indicates that an exploit for CVE-2025-58360 exists in the wild." CISA orders federal agencies to fix this vulnerability by January 1st, 2026.

    The identification of this vulnerability comes on the heels of a previous breach of a U.S. federal civilian agency's network via an unpatched GeoServer flaw, tracked as CVE-2024-36401 (CVSS score of 9.8). This critical remote code execution issue was added to CISA's KEV catalog in mid-July 2024.

    The attackers exploited this vulnerability to breach a U.S. federal agency's network on July 11, 2024. Once inside, they moved laterally to two other servers, exploiting the same vulnerability to access additional systems. The attackers deployed web shells and scripts for persistence, remote access, and privilege escalation.

    Experts have recommended that private organizations review the KEV catalog and address these vulnerabilities in their infrastructure, following CISA's guidance on binding operational directive BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. The importance of staying updated with the latest information from security agencies cannot be overstated.
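    Reviewing the KEV catalog against an inventory comes down to matching each deployed version against the affected ranges and tracking the remediation deadline. The script below is an added example, not CISA or GeoServer tooling: the version ranges and the January 1, 2026 due date are the ones stated in this article, the inventory and host names are constructed, and in practice the inventory would come from a CMDB or scanner export and the due date from the KEV feed itself.

```python
"""Triage of a GeoServer inventory against the KEV entry for CVE-2025-58360.

Added example, not CISA or GeoServer tooling. Affected ranges and the due
date are taken from the article; the inventory below is constructed.
"""
import re
from datetime import date

# Affected ranges as stated in the article, as (lower inclusive, upper exclusive):
# 2.25.x before 2.25.6, and 2.26.0 through 2.26.1 (i.e. before 2.26.2).
AFFECTED_RANGES = [((2, 25, 0), (2, 25, 6)), ((2, 26, 0), (2, 26, 2))]
KEV_DUE_DATE = date(2026, 1, 1)  # federal remediation deadline per the article


def parse_version(text: str) -> tuple:
    """'v2.26.1' or '2.26.1-SNAPSHOT' -> (2, 26, 1); missing components become 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version: str) -> bool:
    """True when the version falls inside any affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: list, today: date) -> list:
    """Return one finding per affected asset with the days left until the KEV
    due date (negative once the deadline has passed)."""
    findings = []
    for asset in inventory:
        if is_affected(asset["version"]):
            days_left = (KEV_DUE_DATE - today).days
            findings.append({
                "host": asset["host"],
                "version": asset["version"],
                "days_to_due": days_left,
                "overdue": days_left < 0,
            })
    return findings


# Constructed inventory; host names are placeholders.
INVENTORY = [
    {"host": "gis-01.example.internal", "version": "2.26.1"},
    {"host": "gis-02.example.internal", "version": "2.25.6"},   # patched 2.25 line
    {"host": "gis-03.example.internal", "version": "v2.25.3"},
    {"host": "gis-04.example.internal", "version": "2.26.2"},   # patched 2.26 line
]


if __name__ == "__main__":
    for finding in triage(INVENTORY, date.today()):
        state = "OVERDUE" if finding["overdue"] else f"{finding['days_to_due']} days left"
        print(f"{finding['host']}: GeoServer {finding['version']} affected ({state})")
```

    The half-open ranges make the boundary behaviour explicit: 2.25.6 and 2.26.2 are excluded because they are the fixed releases the advisory names, and any build string that carries a suffix is reduced to its numeric components before comparison.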



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Critical-GeoServer-Vulnerability-A-New-Threat-Looms-Over-Geospatial-Data-ehn.shtml

  • https://securityaffairs.com/185604/hacking/u-s-cisa-adds-an-osgeo-geoserver-flaw-to-its-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-58360

  • https://www.cvedetails.com/cve/CVE-2025-58360/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-36401

  • https://www.cvedetails.com/cve/CVE-2024-36401/


    Published: Fri Dec 12 03:55:20 2025 by llama3.2 3B Q4_K_M

    © Ethical Hacking News. All rights reserved.