
CISA orders feds to patch actively exploited Geoserver flaw


CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks.

In such attacks, an XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing threat actors to launch denial-of-service attacks, access confidential data, or perform Server-Side Request Forgery (SSRF) to interact with internal systems.

The security flaw (tracked as CVE-2025-58360), which CISA flagged on Thursday, is an unauthenticated XML External Entity (XXE) vulnerability affecting GeoServer (an open-source server for sharing geospatial data over the Internet) versions 2.26.1 and prior. It can be exploited to retrieve arbitrary files from vulnerable servers.

"An XML External Entity (XXE) vulnerability was identified affecting GeoServer 2.26.1 and prior versions. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap," a GeoServer advisory explains.

"However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request."
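The advisory's point is that the parser behind the endpoint honours entity declarations in attacker-supplied XML. The following is an added illustration (not GeoServer's code, which is Java) of the usual hardening: refuse any DOCTYPE, and refuse any entity that names a SYSTEM or PUBLIC identifier, before the parser can resolve it. The request bodies are constructed, simplified GetMap-style documents, and the SYSTEM identifier is a placeholder.

```python
import xml.parsers.expat as expat

class UnsafeXml(ValueError):
    """Raised when a document declares a DOCTYPE or an external entity."""

def parse_strict(xml_text: str) -> dict:
    """Parse XML, refusing the constructs an XXE payload relies on; returns
    {"root": tag, "elements": count} or raises UnsafeXml before any entity
    could be resolved."""
    parser = expat.ParserCreate()
    summary = {"root": None, "elements": 0}

    # Refusing any DOCTYPE removes the place entities are declared (standard parser hardening).
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXml(f"DOCTYPE '{name}' is not permitted")

    # Defence in depth: an entity with a SYSTEM or PUBLIC identifier is
    # external and is refused even if a DOCTYPE were ever tolerated.
    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None or pubid is not None:
            raise UnsafeXml(f"external entity '{name}' is not permitted")

    def on_start(tag, attrs):
        if summary["root"] is None:
            summary["root"] = tag
        summary["elements"] += 1

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)  # handler exceptions propagate out of Parse
    return summary

def is_safe(xml_text: str) -> bool:
    try:
        parse_strict(xml_text)
        return True
    except UnsafeXml:
        return False

# Constructed, simplified GetMap-style bodies (not real GeoServer traffic).
BENIGN_REQUEST = """<?xml version="1.0"?>
<GetMap version="1.3.0">
  <Layers><Layer>example:layer</Layer></Layers>
  <Format>image/png</Format>
</GetMap>"""
# Same shape plus a DOCTYPE declaring an external entity; the SYSTEM id is a placeholder.
ENTITY_REQUEST = """<?xml version="1.0"?>
<!DOCTYPE GetMap [ <!ENTITY ext SYSTEM "file:///placeholder"> ]>
<GetMap version="1.3.0"><Format>&ext;</Format></GetMap>"""
```

The DOCTYPE handler fires before any entity declaration is processed, so the second document is rejected without the entity ever being looked up.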

The Shadowserver Internet watchdog group now tracks 2,451 IP addresses with GeoServer fingerprints, while Shodan reports over 14,000 instances exposed online.

GeoServer instances exposed online (Shadowserver)

CISA has now added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the flaw is being actively exploited in attacks and ordering Federal Civilian Executive Branch (FCEB) agencies to patch servers by January 1st, 2026, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.

FCEB agencies are non-military agencies within the U.S. executive branch, such as the Department of Energy, the Department of the Treasury, the Department of Homeland Security, and the Department of Health and Human Services.

Although BOD 22-01 only applies to federal agencies, the U.S. cybersecurity agency urged network defenders to prioritize patching this vulnerability as soon as possible.
