S4E

CVE-2025-58360 Scanner

CVE-2025-58360 Scanner - XML External Entity (XXE) vulnerability in GeoServer

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 11 days 21 hours
Scan only one: Domain, Subdomain, IPv4


GeoServer is an open-source server software that allows users to share, process, and edit geospatial data. It is used by organizations and individuals to publish geographical data from any major spatial database. The software is common in GIS (Geographic Information Systems) for both governmental and non-governmental organizations. GeoServer supports numerous mapping formats and is commonly used to render maps on the web. It plays a vital role in mapping and location services provided over the internet. GeoServer allows for real-time data sharing across various platforms and applications.

XML External Entity (XXE) injection is a vulnerability typically found in applications that parse XML input. It occurs when an application accepts untrusted XML that declares a reference to an external entity and the parser is allowed to resolve it. If the parsing process is not adequately secured, resolving such entities can pull the contents of unintended files into the document being processed. Attackers can exploit this to read sensitive data, cause denial of service, or make the server interact with external systems. It can be a serious threat, exposing critical data and compromising system integrity. An XXE injection is performed by crafting an XML payload that causes unintended behavior, affecting the confidentiality and availability of data or services.

The vulnerability within GeoServer lies in insufficient sanitization of XML input to the GetMap operation at the /geoserver/wms endpoint. GeoServer versions 2.26.0 to 2.26.2, and 2.25.6, are susceptible. The improperly sanitized XML input can contain a reference to an entity that points to sensitive files on the server, giving unauthorized access to files that may contain confidential data. Attackers may tamper with XML data to execute XXE payloads, leading to data disclosure or denial of service. A crafted request carrying such XML input is enough to trigger the flaw.
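
As an added illustration (not S4E's scanner and not GeoServer's own code), the Python below shows the two checks an asset owner would want from the description above: whether a reported GeoServer version falls in the affected ranges the page lists, and whether a GetMap request to /geoserver/wms carries an XML body that declares an external entity. The request samples, the `ogc:GetMap` body shape and the `file:///` path in them are constructed for the demonstration.

```python
import re
from typing import Dict, List, Tuple

# Affected version ranges as stated on this page (inclusive bounds).
AFFECTED_RANGES: List[Tuple[Tuple[int, ...], Tuple[int, ...]]] = [
    ((2, 26, 0), (2, 26, 2)),
    ((2, 25, 6), (2, 25, 6)),
]

# Inline DTD that declares an entity resolved from outside the document
# (general or parameter entity, SYSTEM or PUBLIC identifier).
EXTERNAL_ENTITY_RE = re.compile(
    r"<!DOCTYPE[^>]*\[.*?<!ENTITY\s+(?:%\s*)?\S+\s+(?:SYSTEM|PUBLIC)\b",
    re.IGNORECASE | re.DOTALL,
)


def is_affected_version(version: str) -> bool:
    """True if a GeoServer version string such as '2.26.1' is in an affected range."""
    parts = [int(p) for p in version.strip().split(".")]
    parts += [0] * (3 - len(parts))  # treat '2.26' as 2.26.0
    return any(lo <= tuple(parts) <= hi for lo, hi in AFFECTED_RANGES)


def is_suspect_getmap(req: Dict[str, str]) -> bool:
    """True for a WMS GetMap request whose XML body declares an external entity."""
    if not req.get("path", "").lower().endswith("/geoserver/wms"):
        return False
    query, body = req.get("query", "").lower(), req.get("body", "")
    if "request=getmap" not in query and "getmap" not in body.lower():
        return False  # not a GetMap operation, out of scope for this check
    return EXTERNAL_ENTITY_RE.search(body) is not None


def scan(requests: List[Dict[str, str]]) -> List[int]:
    """Return the indexes of requests that should be flagged for review."""
    return [i for i, r in enumerate(requests) if is_suspect_getmap(r)]


# Constructed sample traffic: a plain GET GetMap, a POST GetMap with an
# external entity declaration, and a POST GetMap with an ordinary body.
SAMPLE_REQUESTS = [
    {"path": "/geoserver/wms", "query": "service=WMS&request=GetMap&layers=x", "body": ""},
    {"path": "/geoserver/wms", "query": "service=WMS",
     "body": '<?xml version="1.0"?><!DOCTYPE GetMap [<!ENTITY ext SYSTEM '
             '"file:///constructed/placeholder">]><ogc:GetMap>&ext;</ogc:GetMap>'},
    {"path": "/geoserver/wms", "query": "service=WMS",
     "body": '<?xml version="1.0"?><ogc:GetMap><StyledLayerDescriptor/></ogc:GetMap>'},
]

if __name__ == "__main__":
    print("flagged requests:", scan(SAMPLE_REQUESTS))       # [1]
    print("2.26.1 affected:", is_affected_version("2.26.1"))  # True
```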

Exploitation of this vulnerability could have significant impact on the affected server. Sensitive server files may be disclosed, exposing confidential information to unauthorized attackers. A denial of service condition could also be induced, affecting availability of the service. Because external entity processing can reach restricted resources, the vulnerability can compromise data integrity as well. Users and systems relying on GeoServer may experience downtime or unauthorized access to proprietary or sensitive data. In severe cases this could further extend to unauthorized command execution.
