GeoServer: CVE-2025-58360

Explore the GeoServer XXE vulnerability CVE-2025-58360 from exploit to defense.

medium

60 min

3,391


An XML External Entity (XXE) vulnerability was discovered in GeoServer in late 2025 and assigned CVE-2025-58360. This flaw allows unauthenticated attackers to read arbitrary files on the host server and to abuse the application for Server-Side Request Forgery (SSRF). The vulnerability received a critical severity rating, with a score of 9.8, as assessed by .

GeoServer is widely used by governments and private organizations to publish and manage geospatial data, making vulnerabilities in this platform particularly impactful when exposed to the internet. In this room, we will explore GeoServer and its role in real-world infrastructure, walk through exploitation using crafted payloads, analyze artifacts left by an attacker, and discuss detection methods.
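Added example, not code from the room or from the GeoServer project: a Python pre-parse screen that rejects the DOCTYPE and external-entity declarations an XXE file read or SSRF depends on, and parses accepted documents with external entity resolution switched off. The WFS GetFeature request and the two rejected documents are constructed samples; the URLs in them are placeholders.

```python
"""Screen untrusted XML for XXE constructs before handing it to a parser.

An XXE file read or SSRF needs a DOCTYPE declaring an entity with an
external identifier (SYSTEM or PUBLIC). OGC requests such as WFS GetFeature
never need a DOCTYPE, so rejecting any document that carries one is a safe
default for a service like GeoServer. Sample documents below are constructed.
"""
import io
import re
import xml.sax
from xml.sax.handler import feature_external_ges, feature_external_pes

DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
# General (<!ENTITY x SYSTEM ...>) or parameter (<!ENTITY % x SYSTEM ...>) entity
EXTERNAL_ENTITY_RE = re.compile(
    rb"<!ENTITY\s+%?\s*[^\s>]+\s+(SYSTEM|PUBLIC)\b", re.IGNORECASE)

# Constructed benign request (layer name is illustrative).
BENIGN = b"""<?xml version="1.0"?>
<GetFeature service="WFS" version="1.1.0" xmlns="http://www.opengis.net/wfs">
  <Query typeName="example:layer"/>
</GetFeature>"""
# Constructed XXE-shaped documents: a file-read entity and an SSRF-style entity.
XXE_FILE = b"""<?xml version="1.0"?>
<!DOCTYPE r [<!ENTITY x SYSTEM "file:///PLACEHOLDER">]><r>&x;</r>"""
XXE_SSRF = b"""<?xml version="1.0"?>
<!DOCTYPE r [<!ENTITY % p SYSTEM "http://internal.example/PLACEHOLDER">%p;]><r/>"""

def xxe_indicators(xml_bytes: bytes) -> list:
    """Return the XXE-related constructs present in the raw bytes."""
    found = []
    if DOCTYPE_RE.search(xml_bytes):
        found.append("doctype")
    if EXTERNAL_ENTITY_RE.search(xml_bytes):
        found.append("external-entity")
    return found

class _RootCollector(xml.sax.ContentHandler):
    """Record the root element name and text content of the parsed document."""
    def __init__(self):
        super().__init__()
        self.root, self.text = None, []
    def startElement(self, name, attrs):
        if self.root is None:
            self.root = name
    def characters(self, content):
        self.text.append(content)

def parse_untrusted(xml_bytes: bytes):
    """Reject XXE constructs; otherwise parse with external entities disabled.
    Returns (root_element_name, text) or raises ValueError."""
    indicators = xxe_indicators(xml_bytes)
    if indicators:
        raise ValueError("rejected: " + ", ".join(indicators))
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # no file:///http:// fetches
    parser.setFeature(feature_external_pes, False)  # no parameter entities either
    handler = _RootCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.root, "".join(handler.text).strip()

def is_accepted(xml_bytes: bytes) -> bool:
    """True when the document passes the screen and parses cleanly."""
    try:
        parse_untrusted(xml_bytes)
        return True
    except ValueError:
        return False
```

The same two regular expressions double as a detection rule for request bodies or proxy logs that record them.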

Learning Objectives

  • Understand the role of GeoServer in modern geospatial systems
  • Explain how XXE vulnerabilities arise in XML parsers
  • Exploit the vulnerability to retrieve sensitive system files
  • Analyze web access logs and GeoServer application logs to detect exploitation activity

Room Prerequisites

Some familiarity with the command line and prior exposure to and vulnerabilities will be helpful. However, all required commands are provided in the walkthrough.

Lab Access

Start the lab machine by clicking the Start Lab Machine button below. To attack the target machine, use the AttackBox by clicking Start AttackBox, or connect using your own machine via VPN.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Answer the questions below

I understand the learning objectives and am ready to get started with CVE-2025-58360!