OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.
PoC: Bypass-CVE-2025-58360
A new way to exploit CVE-2025-58360 bypass WAF
PoC: CVE-2025-58360
Passive detection for CVE-2025-58360
PoC: CVE-2025-58360
XXE through a specific endpoint /geoserver/wms operation GetMap - Geoserver
PoC: Blackash-CVE-2025-58360
CVE-2025-58360
PoC: Blackash-CVE-2025-58360
CVE-2025-58360
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free