2 matches found
GeoServer WFS - XXE Processing Vulnerability
GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...
GHSA-JJ54-8F66-C5PC [XBOW-025-068] XML External Entity (XXE) Processing Vulnerability in GeoServer WFS Service
Summary GeoServer Web Feature Service WFS web service was found to be vulnerable to GeoTools CVE-2025-30220 XML External Entity XXE processing attack. It is possible to trigger the parsing of external DTDs and entities, bypassing standard entity resolvers. This allows for Out-of-Band OOB data...