CISA orders feds to patch actively exploited Geoserver flawCISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. [...] December 12, 2025
