automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 259180e73de6 · 2025-12-30T13:48:29.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -22908,6 +22908,62 @@
     "needs_cleanup": false,
     "actions": []
   },
+  "auxiliary_gather/geoserver_wms_getmap_xxe_file_read": {
+    "name": "GeoServer WMS GetMap XXE Arbitrary File Read",
+    "fullname": "auxiliary/gather/geoserver_wms_getmap_xxe_file_read",
+    "aliases": [],
+    "rank": 300,
+    "disclosure_date": "2025-11-25",
+    "type": "auxiliary",
+    "author": [
+      "xbow-security",
+      "Valentin Lobstein <chocapikk@leakix.net>",
+      "Julien Voisin"
+    ],
+    "description": "This module exploits an XML External Entity (XXE) vulnerability in GeoServer\n          via the WMS GetMap operation. The vulnerability allows reading arbitrary files\n          from the server's file system by injecting an XXE entity in the SLD (Styled Layer Descriptor).\n\n          Affected versions:\n          - GeoServer >= 2.26.0, <= 2.26.1\n          - GeoServer <= 2.25.5\n\n          The file content is returned in the error message when the layer name contains\n          the XXE entity reference.",
+    "references": [
+      "CVE-2025-58360",
+      "URL-https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2025-12-13 17:42:02 +0000",
+    "path": "/modules/auxiliary/gather/geoserver_wms_getmap_xxe_file_read.rb",
+    "is_install_path": true,
+    "ref_name": "gather/geoserver_wms_getmap_xxe_file_read",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": false,
+    "actions": []
+  },
   "auxiliary_gather/gitlab_authenticated_subgroups_file_read": {
     "name": "GitLab Authenticated File Read",
     "fullname": "auxiliary/gather/gitlab_authenticated_subgroups_file_read",
