
OSGeo GeoServer actively exploited XXE flaw (CVE-2025-58360)

Vulnerability
Happening score: 59 (1 unique source, 1 article)

Summary


CISA added CVE-2025-58360 in OSGeo GeoServer to the KEV catalog after evidence of active exploitation in the wild. The flaw is an unauthenticated XML External Entity (XXE) issue affecting all versions up to and including 2.25.5 and 2.26.0 through 2.26.1; fixed releases are available. Successful exploitation can expose arbitrary files readable by the server process, turn the server into an SSRF proxy for requests to internal hosts, or cause denial of service on exposed GeoServer instances.
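As an added illustration of the vulnerability class (this is not GeoServer's code and not an exploit for CVE-2025-58360), the following Python script shows what an XML External Entity flaw does in a parser that dereferences attacker-supplied SYSTEM identifiers, beside the hardened configuration that refuses DOCTYPE declarations. It uses Python's built-in expat parser in place of GeoServer's XML stack, a constructed secret file written to a temporary directory, and the names parse_vulnerable, parse_hardened, XXERejected and demo, all of which are assumptions of this example.

```python
"""Added example (not from GeoServer): XXE file read against a permissive XML parser,
beside a hardened parser that rejects DOCTYPE and never resolves external entities."""
import os
import tempfile
import xml.parsers.expat as expat


class XXERejected(Exception):
    """Raised by the hardened parser when a document carries a DOCTYPE."""


def parse_vulnerable(xml_bytes: bytes) -> str:
    """XXE-prone configuration: resolves whatever SYSTEM identifier the document names.

    The resolver opens the identifier as a local path. A parser that resolves
    http:// identifiers the same way also becomes an SSRF primitive, because the
    fetch is made from the server's network position.
    """
    parser = expat.ParserCreate()
    chunks = []
    parser.CharacterDataHandler = chunks.append

    def resolve_external(context, base, system_id, public_id):
        # Trusting resolver: the attacker controls system_id via the DOCTYPE.
        sub = parser.ExternalEntityParserCreate(context)
        sub.CharacterDataHandler = chunks.append
        with open(system_id, "rb") as fh:
            sub.Parse(fh.read(), True)
        return 1  # tell expat the entity was handled

    parser.ExternalEntityRefHandler = resolve_external
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def parse_hardened(xml_bytes: bytes) -> str:
    """Hardened configuration: no external resolver, and any DOCTYPE is refused.

    Refusing DOCTYPE outright also removes internal-entity expansion attacks
    (the 'billion laughs' DoS), since entities can only be declared there.
    """
    parser = expat.ParserCreate()
    chunks = []
    parser.CharacterDataHandler = chunks.append

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise XXERejected(f"DOCTYPE {doctype_name!r} refused: entity declarations not accepted")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def demo() -> dict:
    """Runs a constructed XXE payload through both parsers and reports the outcome."""
    # Constructed secret file standing in for a config file on the server.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("db_password=hunter2")
        secret_path = fh.name
    try:
        # Constructed payload: the DOCTYPE declares an external entity pointing at
        # the secret file; the body references it so the parser inlines the contents.
        payload = (
            '<?xml version="1.0"?>\n'
            f'<!DOCTYPE r [<!ENTITY xxe SYSTEM "{secret_path}">]>\n'
            "<r>&xxe;</r>"
        ).encode()

        leaked = parse_vulnerable(payload)  # file contents come back as text
        try:
            parse_hardened(payload)
            blocked = False
        except XXERejected:
            blocked = True  # hardened parser stops at the DOCTYPE
        benign = parse_hardened(b"<r>hello</r>")  # ordinary documents still parse
        return {"leaked": leaked, "blocked": blocked, "benign": benign}
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print(demo())
```

The check that matters for an exposed XML endpoint is the second parser: when the application has no legitimate need for DTDs, refusing DOCTYPE is simpler and safer than trying to filter individual entity types, and it is what the usual Java hardening (disallow-doctype-decl) amounts to.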


Related Happenings

CISA KEV remediation deadline for SolarWinds WHD CVE-2025-40551

Public Sector Action
First: 04.02.2026 07:50 Last: 04.02.2026 07:50 Sources 1

About this happening: **CISA** added **CVE-2025-40551** in **SolarWinds Web Help Desk** to the **KEV catalog** and imposed **federal remediation deadlines**, turning a newly exploited flaw into a compl...

CISA orders FCEB GeoServer patching

Public Sector Action
First: 12.12.2025 11:48 Last: 12.12.2025 11:48 Sources 1

About this happening: CISA added **CVE-2025-58360** to its **KEV Catalog** and ordered **FCEB agencies** to patch **GeoServer** by **January 1st, 2026**, tightening federal exposure to an **actively ex...

CISA FortiWeb remediation order for FCEB agencies

Public Sector Action
First: 19.11.2025 15:44 Last: 19.11.2025 15:44 Sources 1

About this happening: CISA ordered **U.S. federal civilian agencies** to secure **FortiWeb** within **one week** after the flaw was exploited in **zero-day attacks**, sharply raising the urgency for fe...

Gladinet CentreStack and Triofox workaround for CVE-2025-11371

Advisory/Mitigation
First: 10.10.2025 22:08 Last: 10.10.2025 22:08 Sources 1

About this happening: **CentreStack** and **Triofox** are affected by **CVE-2025-11371**, a **local file inclusion zero-day** that threat actors have **abused since late September** to read **Web.confi...

CISA KEV addition for Smartbedded Meteobridge CVE-2025-4008

Public Sector Action
First: 03.10.2025 11:23 Last: 03.10.2025 11:23 Sources 1

About this happening: CISA added **CVE-2025-4008** in **Smartbedded Meteobridge** to the **KEV catalog**, signaling **active exploitation** and requiring **FCEB agencies** to apply updates by **October...

Timeline

  1. 12.12.2025 07:01 1 article · 5mo ago

    CVE-2025-58360 exploit exists in the wild

    Exploitation Observed

    A Canadian Centre for Cyber Security bulletin said an exploit for OSGeo GeoServer CVE-2025-58360 exists in the wild, indicating active exploitation against vulnerable GeoServer deployments.

  2. 12.12.2025 07:01 2 articles · 5mo ago

    CISA adds GeoServer CVE-2025-58360 to KEV

    Legal Policy Action Update

    On December 12, 2025, CISA added OSGeo GeoServer CVE-2025-58360 to the Known Exploited Vulnerabilities catalog after evidence of active exploitation in the wild. The unauthenticated XML External Entity flaw affects all versions prior to and including 2.25.5 and 2.26.0 through 2.26.1, with fixed releases available in 2.25.6, 2.26.2, 2.27.0, 2.28.0, and 2.28.1; successful exploitation can expose arbitrary files, enable SSRF, or trigger DoS, and FCEB agencies were advised to apply required fixes by January 1, 2026.
