THREATOPS
THREAT OPSCVEs › CVE-2025-58360

CVE-2025-58360 — OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability

CISA KEVExploited: confirmedOSGeo

OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.

Vulnerability details