What is the CVSS score of CVE-2025-30220?

CVE-2025-30220 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L. EPSS exploitation probability: 8.4%.

Which versions of Geonetwork are affected by CVE-2025-30220?

A critical XML processing vulnerability (CVE-2025-30220) affects GeoServer, GeoTools, and GeoNetwork installations, allowing remote attackers to extract sensitive data or execute arbitrary code…. A patch is available.

Is there a public PoC exploit available for CVE-2025-30220?

Yes, a public proof-of-concept exploit is available for CVE-2025-30220. Prioritise patching immediately. EPSS: 8.4%.

How to fix or mitigate CVE-2025-30220?

Within 24 hours: Identify all instances of affected GeoServer, GeoTools, and GeoNetwork versions in your environment and assess internet exposure. Within 7 days: Apply vendor patches (GeoServer 2.27.1/2.26.3/2.25.7, GeoTools 33.1/32.3/31.7/28.6.1, GeoNetwork 4.4.8/4.2.13) to all affected systems, prioritizing internet-facing deployments. Within 30 days: Verify patch deployment across the entire estate, validate functionality post-patching, and review logs for exploitation attempts.

Geonetwork CVE-2025-30220

EUVD-2025-17683 CRITICAL

Improper Restriction of XML External Entity Reference (CWE-611)

2025-06-10 security-advisories@github.com

GHSA-jj54-8f66-c5pc

XXE Geonetwork Geotools Geoserver

9.9

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

9.9 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17683

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

Patch released

Mar 14, 2026 - 19:49 nvd

Patch available

PoC Detected

Aug 26, 2025 - 16:10 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 16:15 nvd

CRITICAL 9.9

DescriptionGitHub Advisory

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.

AnalysisAI

A remote code execution vulnerability in GeoServer (CVSS 9.9) that allows users. Risk factors: public PoC available. Vendor patch is available.

Technical ContextAI

CWE-611 (XML External Entity). CVSS 9.9 indicates critical severity with likely remote exploitation vector. Affects GeoServer.

RemediationAI

Apply the vendor-supplied patch immediately.

CVE-2025-30220 vulnerability details – vuln.today

Back