PT-2025-48086

🗓️ 25 Nov 2025 00:00:00Reported by Positive TechnologiesType

GeoServer had an XML External Entity vulnerability in GetMap requests; patched in 2.25.6, 2.26.3, and 2.27.0.

Reporter	Title	Published	Views	Family All 22
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Geoserver	12 Dec 202518:51	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Geoserver	12 Dec 202506:33	–	githubexploit
GithubExploit	Exploit for Improper Restriction of XML External Entity Reference in Geoserver	31 Dec 202503:49	–	githubexploit
Circl	CVE-2025-58360	26 Nov 202518:02	–	circl
CISA KEV Catalog	OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability	11 Dec 202500:00	–	cisa_kev
CISA	CISA Adds One Known Exploited Vulnerability to Catalog	11 Dec 202512:00	–	cisa
CNNVD	GeoServer 代码问题漏洞	25 Nov 202500:00	–	cnnvd
CVE	CVE-2025-58360	25 Nov 202520:17	–	cve
Cvelist	CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature	25 Nov 202520:17	–	cvelist
EUVD	EUVD-2025-199606	25 Nov 202520:17	–	euvd

Source	Link
reddit	www.reddit.com/r/CVEWatch/comments/1pb9z0k/top_10_trending_cves_01122025
twitter	www.twitter.com/GobySec/status/1993624052934811721
twitter	www.twitter.com/zoomeye_team/status/1993622182984061002
twitter	www.twitter.com/TheExploitLab/status/2006354914474381643
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58360.json
twitter	www.twitter.com/CrowdCyber_Com/status/1995433207156670469
t	www.t.me/RNetsec/22257
twitter	www.twitter.com/Divert_Security/status/2016209723130053081
reddit	www.reddit.com/r/u_aalejos/comments/1php3ru/cve202558360_an%C3%A1lisis_de_vulnerabilidad_cr%C3%ADtica
twitter	www.twitter.com/DarkWebInformer/status/1999260702607888806

15 Apr 2026 00:00Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.18.2 - 9.8

EPSS0.81395

SSVC