Upgrade to GeoServer 2.28.1 urgently!
GeoServer users should upgrade to the 2.28.1 release immediately to address critical security vulnerabilities that are actively being exploited in the wild.
The most severe issue, CVE-2025-58360 (CVSS 9.8), is an unauthenticated XML External Entity (XXE) vulnerability in the WMS GetMap endpoint that allows attackers to read arbitrary files, perform port scanning, or launch Server-Side Request Forgery (SSRF) attacks.
Additionally, this release patches a moderate-severity Reflected Cross-Site Scripting (XSS) flaw, CVE-2025-21621, that enables a remote attacker to execute arbitrary JavaScript code in a victim's browser through specially crafted SLD_BODY parameters.
Because these flaws pose a significant risk to production systems and have already been added to CISA's Known Exploited Vulnerabilities catalog, upgrading is considered a mandatory step for maintaining the integrity and security of geospatial data environments.
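While the upgrade is rolled out, a defender will want to look back through WMS access logs for GetMap requests that carry inline XML with DTD/external-entity declarations or script markup in SLD_BODY. The following Python scanner is an added example, not code from the advisory or the GeoServer project; the log lines are constructed, the `/wms` path and the parameter names are assumptions, and the detector checks the whole decoded query string rather than assuming which parameter carries the XML.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines in Common Log Format; not real traffic.
# Line 1 is a benign GetMap, line 2 carries an inline DTD with an external
# entity declaration, line 3 carries script markup in SLD_BODY.
SAMPLE_LOG = """\
10.0.0.5 - - [26/Nov/2025:10:00:01 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&LAYERS=topp:states&FORMAT=image/png HTTP/1.1" 200 5120
10.0.0.7 - - [26/Nov/2025:10:00:02 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&SLD_BODY=%3C!DOCTYPE%20x%20%5B%3C!ENTITY%20e%20SYSTEM%20%22http%3A%2F%2Fexample.invalid%2Fx%22%3E%5D%3E HTTP/1.1" 400 120
10.0.0.9 - - [26/Nov/2025:10:00:03 +0000] "GET /geoserver/wms?SERVICE=WMS&REQUEST=GetMap&SLD_BODY=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
DTD_RE = re.compile(r'<!DOCTYPE|<!ENTITY', re.IGNORECASE)           # inline DTD present
EXTERNAL_RE = re.compile(r'\b(?:SYSTEM|PUBLIC)\b', re.IGNORECASE)    # external identifier
SCRIPT_RE = re.compile(r'<\s*script|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

def classify_request(target: str) -> list[str]:
    """Return detection tags for one request target (path + query string)."""
    url = urlsplit(target)
    if not url.path.lower().endswith('/wms'):      # assumed WMS endpoint path
        return []
    params = {k.lower(): v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if params.get('request', '').lower() != 'getmap':
        return []
    tags = []
    decoded = unquote_plus(url.query)
    # A DTD alone is not proof; flag only when it also names an external identifier.
    if DTD_RE.search(decoded) and EXTERNAL_RE.search(decoded):
        tags.append('xxe-dtd-in-getmap')
    if SCRIPT_RE.search(params.get('sld_body', '')):
        tags.append('xss-in-sld_body')
    return tags

def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Return (client ip, tags) for every suspicious GetMap request in the log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        tags = classify_request(m.group('target'))
        if tags:
            hits.append((m.group('ip'), tags))
    return hits

if __name__ == '__main__':
    for ip, tags in scan_log(SAMPLE_LOG):
        print(ip, ','.join(tags))
```

A hit is a reason to pull the full request body and response size for that client, not a confirmation of exploitation on its own.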
[1] https://geoserver.org/announcements/vulnerability/2025/11/25/geoserver-2-28-1-released.html
[2] https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525
[3] https://github.com/advisories/GHSA-w66h-j855-qr72