CVE-2025-58360 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-11-25

Added to CISA KEV: 2025-12-11 16 DAYS BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update GeoServer to version 2.25.6, 2.26.2, or 2.27.0+
Monitor WMS GetMap requests for suspicious XML payloads containing external entity references
Review server logs for XXE exploitation attempts and unauthorized file access
Implement XML input validation and disable external entity processing if patching is not immediately possible
HIGHEST patch priority - actively exploited unauthenticated vulnerability

CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2016 ...See more
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.See more
Known Exploited Vulnerabilities Catalog - CISA
CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...See more

🔴 CVE-2025-58360