Most Exploited Internet-Facing Products

MEIFP

Back to Ranking

geoserver

Products: geoserver

81.1

Score

4

CVEs

2

Active

2

PoC

2

KEV

#29

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2025-58360	2025-11-25	8.2v3.1	ACTIVE		Low	None	YES	40.6	geoserver	GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. Ho
CVE-2024-35230	2024-12-16	5.3v3.1	POC	—	Low	None	YES	0.0	geoserver	GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive
CVE-2024-36401	2024-07-01	9.8v3.1	ACTIVE		Low	None	YES	40.6	geoserver	GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer install
CVE-2023-51444	2024-03-20	7.2v3.1	POC	—	Low	High	no	0.0	geoserver	GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with permissions to modify coverage stores through the RES

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3