GeoServer Security Update Advisory (CVE-2025-58360)
Overview
We have released a security update to address a vulnerability in GeoServer. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2025-58360
GeoServer versions: 2.26.0 through 2.26.1
GeoServer versions: 2.25.5 and earlier
Resolved Vulnerabilities
XML External Entity (XXE) Vulnerability in GeoServer WMS GetMap (CVE-2025-58360)
Vulnerability Patches
Patches for the vulnerability are available in the latest update. Please follow the instructions on the site listed under References to update to the latest patched version.
CVE-2025-58360
GeoServer version: 2.26.2
GeoServer version: 2.25.6
References
[1] Unauthenticated XML External Entities (XXE) via WMS GetMap operation
https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525