---
title: "CISA Warns of Actively Exploited GeoServer Vulnerability CVE-2025-58360"
short_title: "CISA adds critical GeoServer XXE vulnerability"
description: "CISA has added CVE-2025-58360, an actively exploited GeoServer XXE vulnerability, to its KEV Catalog. Federal agencies and organizations must patch immediately."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2025-58360, geoserver, xxe, vulnerability-management]
score: 0.85
cve_ids: [CVE-2025-58360]
---

TL;DR

CISA has added CVE-2025-58360, an Improper Restriction of XML External Entity (XXE) Reference vulnerability in OSGeo GeoServer, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must remediate this flaw by the specified deadline, while all organizations are urged to prioritize patching to mitigate risks.

---

Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to an actively exploited vulnerability in OSGeo GeoServer, a popular open-source software for sharing and editing geospatial data. The agency added CVE-2025-58360 to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog), highlighting the urgent need for remediation across federal and private sector networks.

This vulnerability poses a significant threat to organizations, as XXE flaws are a frequent attack vector for malicious cyber actors. Successful exploitation could lead to data exfiltration, server-side request forgery (SSRF), or remote code execution (RCE), depending on the configuration and environment.

Key Points

- CVE-2025-58360 is an XXE vulnerability in OSGeo GeoServer: an attacker who can submit crafted XML can make the server's parser resolve external entities.
- CISA’s Binding Operational Directive (BOD) 22-01 mandates federal agencies to remediate this vulnerability by the specified due date.
- While BOD 22-01 applies only to Federal Civilian Executive Branch (FCEB) agencies, CISA urges all organizations to prioritize patching this flaw.
- Timely remediation of KEV Catalog vulnerabilities is critical to reducing exposure to cyberattacks.

Technical Details

CVE-2025-58360 is classified as an Improper Restriction of XML External Entity Reference vulnerability. XXE vulnerabilities occur when an application parses XML input without disabling external entity resolution (or DTD processing altogether), so a DOCTYPE supplied in the input can declare entities that the parser then expands. Attackers can exploit this flaw to:

- Access sensitive files on the server.
- Initiate network requests to internal systems (SSRF).
- Execute arbitrary code in certain configurations.
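The following is an added example, not code from the page, CISA, or the GeoServer project. It illustrates the point above and the "disable external entity processing" mitigation listed later: a Python parser built on the standard library's expat binding refuses any DOCTYPE, entity declaration, or external entity reference before the parser can resolve anything. The two sample documents are constructed for the demonstration, and the `SYSTEM` identifier in the second is a placeholder path, not a real target.

```python
"""Added example: a parser that refuses DTDs and entity declarations (not GeoServer code).

Uses only the standard library's expat binding. Any DOCTYPE, entity
declaration or external entity reference aborts the parse before the
parser can resolve anything, which is what "disable external entity
processing" means in practice when a patch cannot be applied yet.
"""
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when a document carries a DOCTYPE or entity declaration."""


def parse_without_entities(xml_bytes: bytes) -> dict:
    """Parse XML, rejecting DTDs and entities; return a small element summary."""
    parser = xml.parsers.expat.ParserCreate()
    summary = {"root": None, "elements": 0}

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        # Fires as soon as <!DOCTYPE ...> is seen, before any entity is declared.
        raise UnsafeXmlError(f"DOCTYPE declaration not allowed: {doctype_name}")

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        # Defence in depth: normally never reached because the DOCTYPE handler fires first.
        raise UnsafeXmlError(f"entity declaration not allowed: {name}")

    def refuse_external(context, base, system_id, public_id):
        # Returning 0 tells expat to abort instead of fetching the resource.
        return 0

    def on_start(name, attrs):
        if summary["root"] is None:
            summary["root"] = name
        summary["elements"] += 1

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = on_start
    parser.Parse(xml_bytes, True)  # raises UnsafeXmlError or ExpatError on bad input
    return summary


def is_safe_xml(xml_bytes: bytes) -> bool:
    """True if the document parses without touching any DTD or entity machinery."""
    try:
        parse_without_entities(xml_bytes)
        return True
    except (UnsafeXmlError, xml.parsers.expat.ExpatError):
        return False


# Constructed samples (not real traffic). The SYSTEM identifier is a placeholder path.
BENIGN_XML = b"<request><layer>roads</layer><bbox>0,0,10,10</bbox></request>"
DTD_XML = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE request [ <!ENTITY ext SYSTEM "file:///placeholder/not-a-real-path"> ]>'
    b"<request>&ext;</request>"
)

if __name__ == "__main__":
    print("benign:", is_safe_xml(BENIGN_XML), parse_without_entities(BENIGN_XML))
    print("with DTD:", is_safe_xml(DTD_XML))
```

Rejecting the DOCTYPE outright is the simplest robust setting: it removes internal entity expansion (entity-expansion denial of service) as well as external entities, and legitimate service requests rarely need a DTD. In a Java application such as GeoServer the equivalent is to configure the parser factory to disallow DOCTYPE declarations and external general and parameter entities; the hypothetical parser above only models that behaviour.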

GeoServer, widely used in geospatial data infrastructure, is a prime target for threat actors due to its integration with critical systems in government, defense, and private sectors.

Impact Assessment

The inclusion of CVE-2025-58360 in CISA’s KEV Catalog underscores its high severity and active exploitation. Organizations failing to patch this vulnerability risk:
- Data breaches leading to unauthorized access to sensitive geospatial or operational data.
- Lateral movement within networks, enabling attackers to compromise additional systems.
- Disruption of services reliant on GeoServer for geospatial data processing and visualization.

Federal agencies must comply with BOD 22-01 directives, but all organizations—regardless of sector—should treat this as a critical priority to prevent potential breaches.

Mitigation Steps

To mitigate the risks associated with CVE-2025-58360, organizations should:

1. Apply the latest patch for GeoServer immediately. Refer to the [official OSGeo GeoServer security advisory](https://geoserver.org/security/) for updates.
2. If patching is not immediately feasible, disable DTD and external entity processing in the XML parsers that handle untrusted input.
3. Monitor network traffic for suspicious activity, such as unusual XML requests or data exfiltration attempts.
4. Review CISA's KEV Catalog regularly to stay informed about emerging threats and vulnerabilities.
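As an added example for the monitoring step (not code from the page, CISA, or GeoServer), here is a small triage script that scans request records for the markers an XXE attempt leaves in a request body. The records are constructed JSON lines in a hypothetical format where a reverse proxy logs each request's method, path, content type, and the start of its body; no real log format is assumed.

```python
"""Added example: triage of request logs for XML bodies that carry DTD machinery.

Not GeoServer code. The records below are constructed JSON lines in a
hypothetical proxy log format that records the beginning of each body.
"""
import json
import re

DTD_MARKER = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)
EXTERNAL_ID = re.compile(r"""\b(SYSTEM|PUBLIC)\s+["']""", re.IGNORECASE)
XML_TYPES = ("text/xml", "application/xml")


def is_xml_content_type(content_type: str) -> bool:
    """True for text/xml, application/xml and any +xml media type."""
    ct = content_type.split(";", 1)[0].strip().lower()
    return ct.startswith(XML_TYPES) or ct.endswith("+xml")


def analyze_record(rec: dict) -> list:
    """Return the reasons a single request record looks like an XXE attempt."""
    reasons = []
    body = rec.get("body", "")
    content_type = rec.get("content_type", "")
    if DTD_MARKER.search(body):
        # Legitimate service requests almost never carry a DOCTYPE or entity declaration.
        reasons.append("dtd-declaration-in-body")
    if EXTERNAL_ID.search(body):
        # SYSTEM/PUBLIC identifiers inside a DTD point the parser at an external resource.
        reasons.append("external-identifier-in-dtd")
    if body.lstrip().startswith("<") and not is_xml_content_type(content_type):
        # XML delivered under a non-XML content type is worth a second look.
        reasons.append("xml-body-with-non-xml-content-type")
    return reasons


def find_suspicious_xml_requests(lines) -> list:
    """Parse JSON-lines records and return those with at least one reason."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        reasons = analyze_record(rec)
        if reasons:
            hits.append({"id": rec.get("id"), "path": rec.get("path"), "reasons": reasons})
    return hits


# Constructed sample records; paths and the SYSTEM identifier are placeholders.
SAMPLE_RECORDS = [
    {"id": "r1", "method": "GET", "path": "/app/health"},
    {"id": "r2", "method": "POST", "path": "/app/query",
     "content_type": "application/xml; charset=utf-8",
     "body": "<query><layer>roads</layer></query>"},
    {"id": "r3", "method": "POST", "path": "/app/query",
     "content_type": "text/xml",
     "body": '<?xml version="1.0"?><!DOCTYPE q [<!ENTITY ext SYSTEM "file:///placeholder">]><q>&ext;</q>'},
    {"id": "r4", "method": "POST", "path": "/app/upload",
     "content_type": "application/x-www-form-urlencoded",
     "body": '<?xml version="1.0"?><!DOCTYPE q [<!ENTITY big "aaaa">]><q>&big;</q>'},
]
SAMPLE_LOG_LINES = [json.dumps(r) for r in SAMPLE_RECORDS]

if __name__ == "__main__":
    for hit in find_suspicious_xml_requests(SAMPLE_LOG_LINES):
        print(hit)
```

This only works where request bodies (or at least their first bytes) are captured at a proxy, WAF, or application layer; standard access logs record no body. Treat a hit as a triage signal rather than proof: the patterns are easy to obscure with encoding or parameter-entity indirection, so pair body inspection with egress monitoring for unexpected outbound connections from the GeoServer host, which is where a successful SSRF or exfiltration attempt shows up.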

---

Conclusion

CISA’s addition of CVE-2025-58360 to its KEV Catalog serves as a critical reminder of the ongoing threats posed by unpatched vulnerabilities. While federal agencies are required to act, all organizations must prioritize vulnerability management to safeguard their systems. Proactive patching, continuous monitoring, and adherence to cybersecurity best practices are essential to mitigating risks in an evolving threat landscape.

---

References

[^1]: CISA. "[CISA Adds One Known Exploited Vulnerability to Catalog](https://www.cisa.gov/news-events/alerts/2025/12/11/cisa-adds-one-known-exploited-vulnerability-catalog)". Retrieved 2025-01-24.
[^2]: OSGeo. "[GeoServer Security Advisory](https://geoserver.org/security/)". Retrieved 2025-01-24.
[^3]: CVE. "[CVE-2025-58360 Detail](https://www.cve.org/CVERecord?id=CVE-2025-58360)". Retrieved 2025-01-24.