OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability

OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request...

VulnCheck KEV: CVE-2025-58360

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

PT-2025-48086

Name of the Vulnerable Software and Affected Versions: GeoServer versions 2.26.0 through 2.26.1 and versions prior to 2.25.6 Description: GeoServer is an open-source server for sharing and editing geospatial data. A vulnerability exists due to improper restriction of XML external entity reference...

GeoServer 代码问题漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer versions 2.26.0 through prior to 2.26.2 and prior to 2.25.6, which stems from insufficiently cleaned or restricted X...