BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

CISA Flags High-Severity Vulnerability in OSGeo GeoServer Software

CISA Adds High-Severity Unauthenticated XXE Vulnerability in OSGeo GeoServer to Known Exploited Vulnerabilities Catalog Amid Active Exploitation and Mandated Federal Patching by January 2026

  • CISA has added a high-severity vulnerability affecting OSGeo GeoServer to its Known Exploited Vulnerabilities catalog due to active exploitation.
  • The flaw, CVE-2025-58360, is an unauthenticated XML External Entity (XXE) vulnerability impacting multiple GeoServer versions.
  • The issue allows attackers to access server files, conduct internal network interactions, or cause denial-of-service attacks.
  • Patched versions of GeoServer have been released, and federal agencies must apply fixes by January 1, 2026.
  • An exploit is confirmed to exist in the wild, with another critical GeoServer flaw previously exploited by threat actors.

On December 11, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) included a significant security vulnerability in OSGeo GeoServer in its Known Exploited Vulnerabilities catalog. This decision followed evidence showing the flaw is actively exploited in real-world attacks.

- Advertisement -

The vulnerability, identified as CVE-2025-58360 with a CVSS score of 8.2, is an unauthenticated XML External Entity (XXE) issue. XXE flaws allow attackers to manipulate XML input to access unauthorized data or services. It affects all versions prior to and including 2.25.5 and 2.26.0 through 2.26.1. The flaw has been resolved in GeoServer versions 2.25.6, 2.26.2, 2.27.0, 2.28.0, and 2.28.1.

According to CISA, the vulnerability arises when the application processes XML requests via the /geoserver/wms GetMap operation. Attackers can define external entities in these XML inputs, which bypasses proper restrictions. This can lead to reading arbitrary files on the server, performing Server-Side Request Forgery (SSRF) to interact with internal systems, or causing denial-of-service (DoS) conditions by consuming resources.

Affected GeoServer packages include docker.osgeo.org/geoserver and Maven packages org.geoserver.web:gs-web-app and org.geoserver:gs-wms. The vulnerability was initially reported by the AI-powered platform XBOW.

A security advisory from the Canadian Centre for Cyber Security on November 28, 2025, stated that an exploit for this vulnerability exists in the wild. While specific attack methods are not detailed, the advisory underscores the urgency of patching affected systems.

- Advertisement -

Adding to concerns, another critical GeoServer vulnerability (CVE-2024-36401) with a CVSS score of 9.8 has been actively exploited by various threat actors over the past year. Federal Civilian Executive Branch agencies are directed to implement required patches by January 1, 2026, to protect their networks.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

IMF: Dollar stablecoins may amplify currency runs in fixed-rate economies

An IMF working paper by economist Brandon Joel Tan models how dollar stablecoins improve...

Japan Plans to Legalize Cryptocurrency ETFs, Minister Says

Japanese Finance Minister Satsuki Katayama announced plans to legalize cryptocurrency ETFs.ETFs let investors gain...

Must Read

Top 10 Best DeFi Tokens to Invest in 2022

Decentralized Finance (Defi), is one of the most talked-about topics in the crypto space alongside NFTs. So if you want to know the best...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading