GeoServer – TheCyberThrone

GeoServer CVE-2025-58360 added to CISA KEV

Why this vulnerability matters CVE-2025-58360 is a recently disclosed XML External Entity (XXE) vulnerability in OSGeo GeoServer that has now been added to the CISA Known Exploited Vulnerabilities (KEV) catalog,…

PravinKarthik December 12, 2025

US Federal Agency Breached Via GeoServer Vulnerability

Introduction In September 2025, CISA confirmed that a major breach had impacted a US federal agency through the exploitation of a critical GeoServer bug (CVE-2024-36401). This incident illustrates how quickly…

PravinKarthik September 25, 2025

GeoServer Vulnerability CVE-2024-36401 exploited in attack campaigns

Researchers at FortiGuard Labs have uncovered multiple campaigns targeting a critical vulnerability in GeoServer, allows unauthenticated attackers to execute arbitrary code on affected systems, leading to serious consequences such as…

PravinKarthik September 6, 2024