CVE-2025-58360 | GeoServer up to 2.25.5/2.26.1 /geoserver/wms xml external entity reference (GHSA-fjf5-xgmq-5525)

A vulnerability identified as problematic has been detected in GeoServer up to 2.25.5/2.26.1. The affected element is an unknown function of the file /geoserver/wms. This manipulation causes xml external entity reference.

The identification of this vulnerability is CVE-2025-58360. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More