CVE-2025-58360

ENISA EUVD: EUVD-2025-199606 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 1 article Published: 2025-11-25

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

81.39%

probability

This CVE has a 81.39% probability of being exploited in the next 30 days.

0% Top 99.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.2

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Description

VulnerabilityLookup (CNA)

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.

Affected Products

geoserver

>= 2.26.0, < 2.26.2 < 2.25.6

geoserver

2.26.0, < 2.26.2

geoserver

< 2.25.6

Attack Intelligence

CWE-610 · Externally Controlled Reference to a Resource in Another Sphere CWE-611 · XML External Entity CWE-664 · Improper Control of a Resource Through its Lifetime

Exploits & PoC

quyenheu/CVE-2025-58360

XXE through a specific endpoint /geoserver/wms operation GetMap - Geoserver

6 2025-12-08

quyenheu/Bypass-CVE-2025-58360

A new way to exploit CVE-2025-58360 bypass WAF

1 2025-12-31

thomas-osgood/cve-2025-58360

1 2026-02-02

carlzhang123/Blackash-CVE-2025-58360

CVE-2025-58360

0 2025-11-26

rxerium/CVE-2025-58360

Passive detection for CVE-2025-58360

0 2025-12-12

Joker-Wiggin/CVE-2025-58360-GeoServer-XXE

0 2025-12-12

6 repos — triés par ⭐ Rechercher sur GitHub ↗

https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525

x_refsource_CONFIRM

https://osgeo-org.atlassian.net/browse/GEOS-11682

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

92%

EPSS 81.39%

CVSS v3.1 8.2

Mentions 1

Last Seen Dec 12, 2025

CNA Information

CNA Assigner

GitHub_M

CNA Title

GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

Analyst Note

CVE-2025-58360 is explicitly listed in CISA's KEV catalog with documented active exploitation in the wild. Published 2025-11-25 with immediate exploitation reports and rapid patch deployment (versions 2.26.2 and 2.25.6), indicating exploitation preceded or coincided with patch availability, meeting zero-day criteria.

Threat Actors 4

Infy

apt_group Information theft and espionage 🇮🇷 IR

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

Mana Team

apt_group 🇨🇳 CN

Operation Shadow Force

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateNov 25, 2025