How to fix CVE-2025-30220?

Within 24 hours: Identify all instances of affected GeoServer, GeoTools, and GeoNetwork versions in your environment and assess internet exposure. Within 7 days: Apply vendor patches (GeoServer 2.27.1/2.26.3/2.25.7, GeoTools 33.1/32.3/31.7/28.6.1, GeoNetwork 4.4.8/4.2.13) to all affected systems, prioritizing internet-facing deployments. Within 30 days: Verify patch deployment across the entire estate, validate functionality post-patching, and review logs for exploitation attempts.

Is Geonetwork affected by CVE-2025-30220?

A critical XML processing vulnerability (CVE-2025-30220) affects GeoServer, GeoTools, and GeoNetwork installations, allowing remote attackers to extract sensitive data or execute arbitrary code through maliciously crafted XML documents.

CVE-2025-30220

EUVD-2025-17683 CRITICAL

2025-06-10 [email protected]

GHSA-jj54-8f66-c5pc

9.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2025-17683

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

Patch Released

Mar 14, 2026 - 19:49 nvd

Patch available

PoC Detected

Aug 26, 2025 - 16:10 vuln.today

Public exploit code

CVE Published

Jun 10, 2025 - 16:15 nvd

CRITICAL 9.9

Description

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity (XXE) exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in parsing, when the documents carry a reference to an external XML schema. The gt-xsd-core Schemas class is not using the EntityResolver provided by the ParserHandler (if any was configured). This also impacts users of gt-wfs-ng DataStore where the ENTITY_RESOLVER connection parameter was not being used as intended. This vulnerability is fixed in GeoTools 33.1, 32.3, 31.7, and 28.6.1, GeoServer 2.27.1, 2.26.3, and 2.25.7, and GeoNetwork 4.4.8 and 4.2.13.

Analysis

A remote code execution vulnerability in GeoServer (CVSS 9.9) that allows users. Risk factors: public PoC available. Vendor patch is available.

Technical Context

CWE-611 (XML External Entity). CVSS 9.9 indicates critical severity with likely remote exploitation vector. Affects GeoServer.

Affected Products

['GeoServer']

Remediation

Apply the vendor-supplied patch immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +8.4

CVSS: +50

POC: +20

CVE-2025-30220 vulnerability details – vuln.today

Back

CVE-2025-30220

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-30220

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code