{"id":52821,"date":"2025-06-17T00:18:43","date_gmt":"2025-06-17T00:18:43","guid":{"rendered":""},"modified":"2025-09-16T00:11:51","modified_gmt":"2025-09-16T06:11:51","slug":"cve-2025-30220-high-severity-xml-external-entity-xxe-vulnerability-in-geoserver-geotools-and-geonetwork","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-30220-high-severity-xml-external-entity-xxe-vulnerability-in-geoserver-geotools-and-geonetwork\/","title":{"rendered":"CVE-2025-30220: High Severity XML External Entity (XXE) Vulnerability in GeoServer, GeoTools, and GeoNetwork<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the ever-evolving landscape of cybersecurity threats, a significant vulnerability, CVE-2025-30220, has surfaced, affecting users of the open-source GeoServer, GeoTools, and GeoNetwork platforms. As these platforms allow users to share, edit, and manage geospatial data, this vulnerability poses a significant risk to a multitude of organizations that rely on these systems to maintain their critical geospatial data.
\nThis vulnerability is particularly concerning due to its high severity, as indicated by the CVSS score of 9.9, and the potential for system compromise<\/a> and data leakage. It underscores the need for ongoing vigilance and regular patch updates to ensure the integrity and security of systems and data<\/a>.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-30220
\nSeverity: High (9.9)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n