The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog. This action was based on evidence of active exploitation in the wild, highlighting the urgency of addressing the issue. The vulnerability is identified as CVE-2025-58360, carrying a CVSS score of 8.2.
CVE-2025-58360 is an unauthenticated XML External Entity (XXE) flaw. The defect affects all versions of OSGeo GeoServer prior to a specific release, which is not named here.
