CISA Orders Feds to Patch Actively Exploited GeoServer Flaw
7 Articles
CISA Adds Exploited GeoServer XXE Flaw CVE-2025-58360 to KEV Catalog
The GeoServer Gambit: Hackers Exploit Mapping Software’s Hidden Weakness in Latest Cyber Onslaught
In the ever-evolving arena of cybersecurity threats, a new vulnerability has emerged as a critical concern for organizations relying on geospatial data management. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw in OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, signaling active …
CISA Flags Actively Exploited GeoServer XXE Flaw In Updated KEV Catalog - Cybernoz - Cybersecurity News
Dec 12, 2025 | Ravie Lakshmanan | Vulnerability / Server Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versi…
Okay, now I need to summarize this article for the user, keeping it under 100 words. First, I need to carefully read the article and grasp the key points. The article mainly discusses how the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-risk vulnerability, CVE-2025-58360, to its list of known exploits. This vulnerability affects multiple versions of OSGeo GeoServer, including versions 2.25.5 and earlier, and version…
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
CISA Adds One Known Exploited Vulnerability to Catalog
chayes | Dec 11, 2025
Release Date: December 11, 2025
Description: CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2025-58360 OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses signific…
Coverage Details
Bias Distribution
- 100% of the sources are Center


