Serial number: AV25-789
Date: November 28, 2025
Updated: December 12, 2025
On November 25, 2025, GeoServer published a security advisory to address vulnerabilities in the following products:
- GeoServer – versions prior to 2.28.1
- GeoTools – versions prior to 34.1
- GeoWebCache – versions prior to 1.28
Open-source reporting indicates that an exploit for CVE-2025-58360 exists in the wild.
Update 1
On December 11, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-58360 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.