CVE-2025-58360 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External…
High KEV CVSS: 8.2

CVE-2025-58360

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
Vendor
Geoserver
Product
Geoserver
CWE
CWE-611
Yayın Tarihi
2025-11-25 21:15:56
Güncelleme
2025-12-12 13:54:01
Source Identifier
security-advisories@github.com
KEV Date Added
2025-12-11

Kategoriler

CWE-611 Geoserver HIGH Geoserver 2025

Referanslar

https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525 https://osgeo-org.atlassian.net/browse/GEOS-11682 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-58360