CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog
好的，我现在需要帮用户总结这篇文章的内容，控制在100个字以内。首先，我得仔细阅读文章，抓住关键点。文章主要讲的是美国网络安全和基础设施安全局（CISA）将一个高危漏洞CVE-2025-58360加入到已知被利用的漏洞目录中。这个漏洞影响了OSGeo GeoServer的多个版本，包括2.25.5及之前的版本，以及2.26.0到2.26.1的版本。漏洞类型是未认证的XXE（XML外部实体）漏洞，CVSS评分为8.2。接下来，文章提到该漏洞已经被修复，在版本2.25.6、2.26.2、2.27.0、2.28.0和2.28.1中都有补丁。XBOW平台发现了这个漏洞，并报告了问题。 CISA的描述指出，攻击者可以通过特定的端点发送XML请求，导致服务器访问任意文件、进行SSRF攻击或引发DoS攻击。虽然目前还没有关于该漏洞被实际利用的详细信息，但加拿大网络安全中心在11月发布了一个公告，称该漏洞在野外有被利用的情况。此外，文章还提到同一软件中另一个高危漏洞CVE-2024-36401在过去一年中被多个威胁行为者利用。CISA建议联邦机构在2026年1月1日前应用补丁修复漏洞。总结一下，关键点包括：CISA加入KEV目录、漏洞CVE-XX影响GeoServer多个版本、XXE类型、CVSS评分8.2、修复版本、可能的攻击影响（文件访问、SSRF、DoS）、公告提到野外利用情况、另一个高危漏洞的历史背景以及修复建议的时间节点。现在我需要将这些信息浓缩到100字以内。要注意用词简洁明了，涵盖主要事件和影响。可能的结构是：CISA将某个高危XXE漏洞加入目录，影响GeoServer多个版本，CVSS评分8.2。该漏洞允许攻击者访问文件、进行SSRF或DoS攻击。已发布修复补丁，并提醒用户尽快更新以防止被利用。这样应该能控制在100字以内。 </think> 美国网络安全机构CISA将影响OSGeo GeoServer的高危XML外部实体（XXE）漏洞CVE-2025-58360加入已知被利用的漏洞目录。该漏洞允许攻击者通过特定端点发送恶意XML请求，从而访问服务器文件、发起SSRF或DoS攻击。已发布修复版本以应对这一威胁。 2025-12-12 05:1:0 Author: thehackernews.com(查看原文) 阅读量:11 收藏

Vulnerability / Server Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to and including 2.25.5, and from versions 2.26.0 through 2.26.1. It has been patched in versions 2.25.6, 2.26.2, 2.27.0, 2.28.0, and 2.28.1. Artificial intelligence (AI)-powered vulnerability discovery platform XBOW has been acknowledged for reporting the issue.

"OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request," CISA said.

The following packages are affected by the flaw -

docker.osgeo.org/geoserver
org.geoserver.web:gs-web-app (Maven)
org.geoserver:gs-wms (Maven)

Successful exploitation of the vulnerability could allow an attacker to access arbitrary files from the server's file system, conduct Server-Side Request Forgery (SSRF) to interact with internal systems, or launch a denial-of-service (DoS) attack by exhausting resources, the maintainers of the open-source software said in an alert published late last month.

There are currently no details available on how the security defect is being abused in real-world attacks. However, a bulletin from the Canadian Centre for Cyber Security on November 28, 2025, said "an exploit for CVE-2025-58360 exists in the wild."

It's worth noting that another critical flaw in the same software (CVE-2024-36401, CVSS score: 9.8) has been exploited by multiple threat actors over the past year. Federal Civilian Executive Branch (FCEB) agencies are advised to apply the required fixes by January 1, 2026, to secure their networks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

文章来源: https://thehackernews.com/2025/12/cisa-flags-actively-exploited-geoserver.html
如有侵权请联系:admin#unsafe.sh