
CISA Flags Actively Exploited XXE Vulnerability in OSGeo GeoServer
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) catalog because it is being actively exploited in the wild. The vulnerability is an unauthenticated XML External Entity (XXE) injection flaw in OSGeo GeoServer, a widely used open-source platform for sharing and editing geospatial data. With a CVSS score of 8.2, it poses a significant risk: a remote attacker can reach the flaw without any prior authentication.

XXE vulnerabilities arise when an application parses XML input that declares and references external entities. Depending on how the parser is configured, that can lead to disclosure of sensitive data, denial of service, or server-side request forgery. In the case of CVE-2025-58360, all versions of OSGeo GeoServer prior to the patched version are affected. Active exploitation makes applying the vendor patch an urgent task for any organization running GeoServer, and the KEV listing underscores both the severity of the flaw and the potential for widespread exploitation.

CISA has not disclosed specific targets or threat actors involved in the exploitation. Even so, the unauthenticated nature of the flaw makes it particularly dangerous: no credentials are needed, which lowers the barrier to entry and increases the potential for widespread attacks.

For cybersecurity professionals, the primary action is to identify and patch all affected GeoServer instances immediately. Organizations should also monitor their systems for signs of exploitation and consider interim mitigations such as disabling XML external entity processing where possible. Expert insights suggest that XXE vulnerabilities are often overlooked yet can have severe consequences.

Organizations should prioritize patching known vulnerabilities and implement robust input validation and secure parser configuration to reduce the risk of similar flaws in the future. In conclusion, the active exploitation of CVE-2025-58360 in OSGeo GeoServer is a critical issue that requires immediate attention from cybersecurity professionals. By applying patches and implementing additional mitigations, organizations can reduce their exposure to this significant threat.
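The two mitigations named above, disabling external entity processing and validating input, can be illustrated in code. The following Python example is added here for illustration and is not GeoServer's own code (GeoServer is a Java application; this shows the same two layers generically with Python's standard-library SAX parser). It gates incoming XML by rejecting any DOCTYPE or ENTITY declaration, which a legitimate OGC request never needs, then parses with external general and parameter entities switched off as a second layer. The same gate doubles as a detection check over captured request bodies. The WFS request bodies, the layer name `demo:roads` and the `file:///PLACEHOLDER/path` identifier are constructed samples, not values from the advisory.

```python
"""Reject DTD-bearing XML before parsing, then parse with external entities disabled.

Added illustration of XXE hardening; not code from OSGeo GeoServer.
"""
import io
import re
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler

# A DOCTYPE or ENTITY declaration is the precondition for XXE. Benign
# OGC requests (WFS/WMS/WCS) carry no DTD, so refusing them outright is safe.
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def has_dtd(xml_bytes: bytes) -> bool:
    """Return True if the document declares a DOCTYPE or an ENTITY."""
    return DTD_RE.search(xml_bytes) is not None


def find_dtd_requests(bodies):
    """Detection use: indexes of captured request bodies that carry a DTD."""
    return [i for i, body in enumerate(bodies) if has_dtd(body)]


class _RootCollector(ContentHandler):
    """Record the root element's qualified name and all character data."""

    def __init__(self):
        super().__init__()
        self.root = None
        self.text = []

    def startElement(self, name, attrs):
        if self.root is None:
            self.root = name

    def characters(self, content):
        self.text.append(content)


def parse_hardened(xml_bytes: bytes) -> dict:
    """Parse untrusted XML with both layers of XXE protection applied."""
    # Layer 1: input validation. Refuse any DTD before the parser sees it.
    if has_dtd(xml_bytes):
        raise ValueError("XML with DOCTYPE/ENTITY declarations is not accepted")
    # Layer 2: secure parser configuration. Even if a DTD slipped through,
    # the parser must not resolve external general or parameter entities.
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)
    parser.setFeature(handler.feature_external_pes, False)
    collector = _RootCollector()
    parser.setContentHandler(collector)
    try:
        parser.parse(io.BytesIO(xml_bytes))
    except xml.sax.SAXParseException as exc:
        raise ValueError(f"malformed XML: {exc}") from None
    return {"root": collector.root, "text": "".join(collector.text).strip()}


# Constructed sample: a simplified, benign WFS GetFeature request body.
BENIGN_REQUEST = b"""<?xml version="1.0"?>
<wfs:GetFeature service="WFS" version="1.1.0"
    xmlns:wfs="http://www.opengis.net/wfs">
  <wfs:Query typeName="demo:roads"/>
</wfs:GetFeature>"""

# Constructed sample: the same request carrying an external entity declaration.
# The SYSTEM identifier is a placeholder, not a real path or target.
DTD_REQUEST = b"""<?xml version="1.0"?>
<!DOCTYPE GetFeature [
  <!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">
]>
<wfs:GetFeature service="WFS" version="1.1.0"
    xmlns:wfs="http://www.opengis.net/wfs">
  <wfs:Query typeName="&ext;"/>
</wfs:GetFeature>"""


if __name__ == "__main__":
    print("benign parsed:", parse_hardened(BENIGN_REQUEST))
    try:
        parse_hardened(DTD_REQUEST)
    except ValueError as err:
        print("rejected:", err)
    print("suspicious bodies:", find_dtd_requests([BENIGN_REQUEST, DTD_REQUEST]))
```

The gate works on raw bytes, so request bodies in a non-ASCII-compatible encoding such as UTF-16 must be decoded to UTF-8 before `has_dtd` is applied; otherwise the parser-level features are the only protection in effect. In Java applications such as GeoServer, the equivalent second layer is setting the corresponding XMLConstants and external-entity features on the `DocumentBuilderFactory`, `SAXParserFactory` or `XMLInputFactory` in use.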