CISA has directed US federal agencies to patch a critical GeoServer vulnerability (CVE-2025-58360), an XML External Entity (XXE) injection flaw that is being actively exploited. Successful exploitation lets an attacker read files from the server, cause a denial of service, or perform server-side request forgery (SSRF) against internal systems; thousands of GeoServer instances are exposed online. #GeoServer #XXE
Key points
- The CVE-2025-58360 vulnerability affects GeoServer versions 2.26.1 and earlier.
- Attackers submit XML input that declares a DOCTYPE with external entities; because the affected parser resolves those entities, the expansion can disclose local files, reach internal services (SSRF), or exhaust resources (denial of service).
- CISA lists the flaw as actively exploited in its Known Exploited Vulnerabilities catalog and requires federal agencies to patch it by January 1, 2026.
- Thousands of GeoServer instances are exposed online, increasing the risk of cyberattacks.
- Earlier GeoServer-related flaws, CVE-2022-24816 and CVE-2024-36401, were exploited in attacks on U.S. government agencies.
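The two defensive checks a practitioner wants for this class of bug are a cheap triage rule for request logs or a WAF (does the body declare a DOCTYPE or an external entity at all?) and a parser configuration that refuses DTD processing outright. The block below is an added example, not code from the page or from the GeoServer project; GeoServer is Java and the page does not identify the vulnerable parser, so the pattern is shown with Python's standard expat bindings. The sample request bodies are constructed for illustration: a benign WFS-style request and three generic XXE shapes (file read, SSRF, entity-expansion DoS) that are not GeoServer-specific exploit payloads.

```python
"""XXE triage for untrusted XML: flag DTD/entity use, and parse with DTDs refused.

Added example (not from the page or GeoServer). Sample bodies are constructed.
"""
import re
import xml.parsers.expat as expat


class XXEAttempt(Exception):
    """Raised when an untrusted document tries to declare a DTD or an entity."""


# Constructed samples. BENIGN is a minimal WFS-style request; the other three
# are the generic XXE shapes the page describes (file read, SSRF, DoS).
BENIGN = (b'<?xml version="1.0"?><GetFeature service="WFS" version="2.0.0">'
          b'<Query typeNames="topp:states"/></GetFeature>')
XXE_FILE = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM '
            b'"file:///etc/passwd">]><r>&xxe;</r>')
XXE_SSRF = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY xxe SYSTEM '
            b'"http://10.0.0.5:8080/internal">]><r>&xxe;</r>')
DOS_LOL = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa">'
           b'<!ENTITY b "&a;&a;&a;&a;">]><r>&b;</r>')

_DOCTYPE = re.compile(rb"<!DOCTYPE", re.I)
# Matches general (<!ENTITY x SYSTEM ...) and parameter (<!ENTITY % x SYSTEM ...) entities.
_EXT_ENTITY = re.compile(rb"<!ENTITY\s+%?\s*\w+\s+(SYSTEM|PUBLIC)\b", re.I)


def classify_xml(body: bytes) -> str:
    """Pre-parse triage suitable for a log search or WAF rule.

    Returns 'external-entity' for SYSTEM/PUBLIC entity declarations (file read,
    SSRF), 'dtd' for any other DOCTYPE (e.g. internal-entity DoS), else 'clean'.
    Legitimate OGC requests normally carry no DOCTYPE at all.
    """
    if _EXT_ENTITY.search(body):
        return "external-entity"
    if _DOCTYPE.search(body):
        return "dtd"
    return "clean"


def parse_untrusted_xml(body: bytes) -> list:
    """Parse with DTD processing refused; return element names in document order.

    Rejecting the DOCTYPE itself is the robust fix: it stops external entities,
    internal entity expansion (billion laughs) and parameter entities in one place.
    """
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise XXEAttempt(f"DOCTYPE {name!r} is not allowed in untrusted input")

    def refuse_entity(*args):
        raise XXEAttempt("entity declarations are not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.EntityDeclHandler = refuse_entity
    # Returning 0 makes expat fail the reference instead of resolving it.
    parser.ExternalEntityRefHandler = lambda context, base, sysid, pubid: 0

    names = []
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(body, True)
    return names


def is_rejected(body: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted_xml(body)
    except XXEAttempt:
        return True
    return False


if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("file", XXE_FILE),
                          ("ssrf", XXE_SSRF), ("dos", DOS_LOL)]:
        print(f"{label:7s} triage={classify_xml(sample):16s} rejected={is_rejected(sample)}")
```

The triage regex is deliberately loose (a hunting query, not a parser), so it should feed an alert or a block rule rather than be the only control; the parser-side refusal is what actually closes the hole, and the same idea applies in Java by disabling DOCTYPE declarations on the XML parser factory before handing it any request body.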