CVE-2025-58360 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-11-25

Added to CISA KEV: 2025-12-11 16 DAYS BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update GeoServer to version 2.25.6, 2.26.2, or 2.27.0+
Monitor WMS GetMap requests for suspicious XML payloads containing external entity references
Review server logs for XXE exploitation attempts and unauthorized file access
Implement XML input validation and disable external entity processing if patching is not immediately possible
HIGHEST patch priority - actively exploited unauthenticated vulnerability

Here's what is known about the CVE-2025-58360 vulnerability exploitation, based on the provided search results:

CISA KEV Status: CISA has added CVE-2025-58360 to its Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild ^[1]^[2]. CISA maintains the KEV catalog as an authoritative source of vulnerabilities that have been exploited ^[3].
Active Exploitation: The addition to the KEV catalog is based on evidence of active exploitation ^[1]^[2].
Targeted Attacks: While the search results confirm active exploitation, they do not explicitly state whether CVE-2025-58360 has been used in targeted attacks.
Internet-facing applications: While the search results confirm active exploitation, they do not explicitly state whether CVE-2025-58360 affects internet-facing applications.
Attack Vectors and Exploitation Methods: The search results do not provide specific details on the attack vectors or exploitation methods used for this vulnerability.
Technical Details: The search results lack specific technical details regarding the exploitability of this vulnerability.

CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2016 ...See more…
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.See more…
Known Exploited Vulnerabilities Catalog - CISA
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...See more…

🔴 CVE-2025-58360