Attackers who successfully exploit vulnerabilities in GeoServer can, among other things, execute malicious code. The developers have resolved the security issues in current versions.
Protecting Systems
Attackers can, for example, trick victims into processing crafted XML files (CVE-2025-58360, severity "high"), and processing them leads to errors. As a result, services crash (DoS attack) or attackers gain access to information that should be isolated, as the developers state in an advisory.
Through the second vulnerability (CVE-2025-21621, severity "medium", reflected XSS), malicious code can get onto systems. Releases 2.26.3, 2.25.6, and 2.27.0 are said to be protected against this. So far, there are no reports of attacks.