{"id":9148,"date":"2025-12-12T10:04:06","date_gmt":"2025-12-12T10:04:06","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/12\/cisa-warns-of-osgeo-geoserver-0-day-vulnerability-exploited-in-attacks\/"},"modified":"2025-12-12T10:04:06","modified_gmt":"2025-12-12T10:04:06","slug":"cisa-warns-of-osgeo-geoserver-0-day-vulnerability-exploited-in-attacks","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/12\/cisa-warns-of-osgeo-geoserver-0-day-vulnerability-exploited-in-attacks\/","title":{"rendered":"CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks"},"content":{"rendered":"

CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server.<\/p>\n

CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day<\/a> flaw in attacks targeting both public and private sectors.<\/p>\n

The newly disclosed vulnerability, tracked as CVE-2025-58360, is classified as an Improper Restriction of XML External Entity (XXE<\/a>) Reference.<\/p>\n

This security gap exists within the application\u2019s handling of XML input. Specifically involving the\u00a0\/geoserver\/wms\u00a0endpoint during\u00a0GetMap\u00a0operations.<\/p>\n

\n\n\n\n\n\n\n\n\n\n
Field<\/th>\nDetails<\/th>\n<\/tr>\n<\/thead>\n
CVE ID<\/strong><\/td>\nCVE-2025-58360<\/td>\n<\/tr>\n
Name<\/strong><\/td>\nOSGeo GeoServer XXE Vulnerability<\/td>\n<\/tr>\n
Description<\/strong><\/td>\nXML input in \/geoserver\/wms<\/code> GetMap is not properly restricted, allowing external XML entities.<\/td>\n<\/tr>\n
Related CWE<\/strong><\/td>\nCWE-611<\/td>\n<\/tr>\n
Action<\/strong><\/td>\nApply vendor fixes, follow BOD 22-01 for cloud services, or stop using the product.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Security researchers have determined that the software fails to restrict external entities in XML requests properly.<\/p>\n

By exploiting this weakness, remote attackers can define malicious external entities in their requests. Successful exploitation could allow unauthorized actors to view files on the server.<\/p>\n

Interact with backend or external systems (Server-Side Request Forgery), or cause denial-of-service<\/a> conditions.<\/p>\n

The confirmation of active exploitation prompted CISA to intervene, requiring federal civilian executive branch (FCEB) agencies to immediately secure their systems.<\/p>\n

In accordance with Binding Operational Directive (BOD<\/a>) 22-01, CISA has mandated that all FCEB agencies must identify and mitigate this vulnerability by January 1, 2026.<\/p>\n

While the mandate applies only to federal agencies, CISA strongly urges all organizations that use OSGeo GeoServer<\/a> to prioritize this update.<\/p>\n

The short remediation window reflects the severity of the threat <\/a>and the active nature of current campaigns. Administrators are advised to apply the relevant vendor mitigations immediately.<\/p>\n

If patches are not yet available for specific configurations, organizations should follow CISA\u2019s<\/a> guidance for cloud services. Consider temporarily discontinuing the use of the affected product until it can be secured.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Abinaya
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

CISA Warns of OSGeo GeoServer 0-Day Vulnerability Exploited in Attacks An urgent warning about a critical security flaw in OSGeo GeoServer, a widely used open-source geographic data-sharing server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively leveraging this zero-day flaw in attacks targeting both public […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648,517],"tags":[130],"class_list":["post-9148","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","category-zero-day","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9148"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9148"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9148\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}