An XML External Entity (XXE) vulnerability was discovered in GeoServer in late 2025 and assigned CVE-2025-58360. The flaw allows unauthenticated attackers to read arbitrary files on the host server and to abuse the application for Server-Side Request Forgery (SSRF). The vulnerability received a critical severity rating, with a score of 9.8, as assessed by .
GeoServer is widely used by governments and private organizations to publish and manage geospatial data, making vulnerabilities in this platform particularly impactful when exposed to the internet. In this room, we will explore GeoServer and its role in real-world infrastructure, walk through exploitation using crafted payloads, analyze artifacts left by an attacker, and discuss detection methods.
Learning Objectives
- Understand the role of GeoServer in modern geospatial systems
- Explain how XXE vulnerabilities arise in XML parsers
- Exploit the vulnerability to retrieve sensitive system files
- Analyze web access logs and GeoServer application logs to detect exploitation activity
Room Prerequisites
Some familiarity with the command line and prior exposure to XXE and SSRF vulnerabilities will be helpful. However, all required commands are provided in the walkthrough.
- Check out Injection for an overview of vulnerabilities
Lab Access
Start the lab machine by clicking the Start Lab Machine button below. To attack the target, use the AttackBox by clicking Start AttackBox, or connect using your own machine via .
