GeoServer: CVE-2025-58360

Jan 27 · 16 min read · In late 2025, security researchers discovered CVE-2025-58360, a critical XML External Entity (XXE) vulnerability in GeoServer that's currently being actively exploited in the wild. With a CVSS score of 9.8, this vulnerability allows unauthenticated a...