The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as CVE-2025-58360, the vulnerability has a high severity rating with a CVSS score of 8.2. Successful exploitation of the vulnerability may allow an attacker to retrieve arbitrary files from the server’s file system. GeoServer is an open-source server software written … Continue reading “CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)”
Tag: XML eXternal Entity (XXE) Vulnerability
Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)
Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review … Continue reading “Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)”