OSGeo GeoServer actively exploited XXE flaw (CVE-2025-58360)
Vulnerability
Summary
Hide ▲
Show ▼
CISA added CVE-2025-58360 in OSGeo GeoServer to the KEV catalog after evidence of active exploitation in the wild. The flaw is an unauthenticated XXE issue affecting all versions through 2.25.5 and 2.26.0 through 2.26.1, with fixes now available in later releases. Successful abuse could enable arbitrary file access, SSRF, or DoS against exposed GeoServer instances.
Cases
Related Happenings
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/Mitigation
H score52
First: 06.06.2026 11:14
Last: 06.06.2026 11:14
Sources 1
About this happening:
**SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
SolarWinds Serv-U advisory and mitigations for CVE-2026-28318
Advisory/MitigationAbout this happening: **SolarWinds Serv-U** mitigation guidance now covers **CVE-2026-28318**, reducing **unauthenticated DoS** risk from specially crafted POST requests. SolarWinds says the flaw is ad...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector Action
H score53
First: 04.02.2026 07:50
Last: 04.02.2026 07:50
Sources 1
About this happening:
**CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551
Public Sector ActionAbout this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...
CISA orders FCEB GeoServer patching
Public Sector Action
H score73
First: 12.12.2025 11:48
Last: 12.12.2025 11:48
Sources 1
About this happening:
CISA added **CVE-2025-58360** to its **KEV Catalog** and ordered **FCEB agencies** to patch **GeoServer** by **January 1st, 2026**, tightening federal exposure to an **actively ex...
CISA orders FCEB GeoServer patching
Public Sector ActionAbout this happening: CISA added **CVE-2025-58360** to its **KEV Catalog** and ordered **FCEB agencies** to patch **GeoServer** by **January 1st, 2026**, tightening federal exposure to an **actively ex...
CISA FortiWeb remediation order for FCEB agencies
Public Sector Action
H score36
First: 19.11.2025 15:44
Last: 19.11.2025 15:44
Sources 1
About this happening:
CISA ordered **U.S. federal civilian agencies** to secure **FortiWeb** within **one week** after the flaw was exploited in **zero-day attacks**, sharply raising the urgency for fe...
CISA FortiWeb remediation order for FCEB agencies
Public Sector ActionAbout this happening: CISA ordered **U.S. federal civilian agencies** to secure **FortiWeb** within **one week** after the flaw was exploited in **zero-day attacks**, sharply raising the urgency for fe...
Gladinet CentreStack and Triofox workaround for CVE-2025-11371
Advisory/Mitigation
H score40
First: 10.10.2025 22:08
Last: 10.10.2025 22:08
Sources 1
About this happening:
**CentreStack** and **Triofox** are affected by **CVE-2025-11371**, a **local file inclusion zero-day** that threat actors have **abused since late September** to read **Web.confi...
Gladinet CentreStack and Triofox workaround for CVE-2025-11371
Advisory/MitigationAbout this happening: **CentreStack** and **Triofox** are affected by **CVE-2025-11371**, a **local file inclusion zero-day** that threat actors have **abused since late September** to read **Web.confi...
Timeline
-
12.12.2025 07:01 1 articles · 6mo ago
CVE-2025-58360 exploit exists in the wild
Exploitation ObservedA Canadian Centre for Cyber Security bulletin said an exploit for OSGeo GeoServer CVE-2025-58360 exists in the wild, indicating active exploitation against vulnerable GeoServer deployments.
Show sources
- CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog — thehackernews.com — 12.12.2025 07:01
-
12.12.2025 07:01 2 articles · 6mo ago
CISA adds GeoServer CVE-2025-58360 to KEV
Legal Policy Action UpdateOn December 12, 2025, CISA added OSGeo GeoServer CVE-2025-58360 to the Known Exploited Vulnerabilities catalog after evidence of active exploitation in the wild. The unauthenticated XML External Entity flaw affects all versions prior to and including 2.25.5 and 2.26.0 through 2.26.1, with fixed releases available in 2.25.6, 2.26.2, 2.27.0, 2.28.0, and 2.28.1; successful exploitation can expose arbitrary files, enable SSRF, or trigger DoS, and FCEB agencies were advised to apply required fixes by January 1, 2026.
Show sources
- CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog — thehackernews.com — 12.12.2025 07:01
- CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog — thehackernews.com — 12.12.2025 07:01