CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as CVE-2025-58360, the vulnerability has a high severity rating with a CVSS score of 8.2. Successful exploitation of the vulnerability may allow an attacker to retrieve arbitrary files from the server’s file system. GeoServer is an open-source server software written …
Tag: GeoServer
jai-ext Remote Code Execution Vulnerability (CVE-2022-24816)
jai-ext, a JAI extension API, contains a command injection vulnerability. Assigned CVE-2022-24816, the vulnerability may allow an attacker to execute code remotely on a vulnerable system. The vulnerability is rated as critical and has a CVSSv3 base score of 9.8. Security researchers at Synacktiv have released a PoC. GeoServer is an …