module
GeoServer WMS GetMap XXE Arbitrary File Read
| Disclosed |
|---|
| Nov 25, 2025 |
Disclosed
Nov 25, 2025
Description
This module exploits an XML External Entity (XXE) vulnerability in GeoServer
via the WMS GetMap operation. The vulnerability allows reading arbitrary files
from the server's file system by injecting an XXE entity in the SLD (Styled Layer Descriptor).
Affected versions:
- GeoServer >= 2.26.0,
- GeoServer
The file content is returned in the error message when the layer name contains
the XXE entity reference.
via the WMS GetMap operation. The vulnerability allows reading arbitrary files
from the server's file system by injecting an XXE entity in the SLD (Styled Layer Descriptor).
Affected versions:
- GeoServer >= 2.26.0,
- GeoServer
The file content is returned in the error message when the layer name contains
the XXE entity reference.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.