Refine your search
5 vulnerabilities found for by xwiki
CVE-2025-66474 (GCVE-0-2025-66474)
Vulnerability from cvelistv5
Published
2025-12-10 21:59
Modified
2025-12-11 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which attackers can exploit through RCE. Any user who can edit their own profile or any other document can execute arbitrary script macros, including Groovy and Python macros, which enable remote code execution as well as unrestricted read and write access to all wiki contents. This issue is fixed in versions 16.10.10, 17.4.3 and 17.6.0-rc-1.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-rendering |
Version: < 16.10.10 Version: >= 17.0.0-rc-1, < 17.4.3 Version: >= 17.5.0-rc-1, < 17.6.0-rc-1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66474",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:39:13.257183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:39:27.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-793"
},
{
"tags": [
"exploit"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-792"
},
{
"tags": [
"exploit"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-693"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-rendering",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003c 16.10.10"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-rc-1, \u003c 17.4.3"
},
{
"status": "affected",
"version": "\u003e= 17.5.0-rc-1, \u003c 17.6.0-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which attackers can exploit through RCE. Any user who can edit their own profile or any other document can execute arbitrary script macros, including Groovy and Python macros, which enable remote code execution as well as unrestricted read and write access to all wiki contents. This issue is fixed in versions 16.10.10, 17.4.3 and 17.6.0-rc-1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:59:58.727Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-9xc6-c2rm-f27p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-9xc6-c2rm-f27p"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/12b780ccd5bca5fc8f74f46648d7e02fa04fbc11"
},
{
"name": "https://github.com/xwiki/xwiki-rendering/commit/9b71a2ee035815cfc29cebbfe81dbdd98f941d49",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-rendering/commit/9b71a2ee035815cfc29cebbfe81dbdd98f941d49"
},
{
"name": "https://jira.xwiki.org/browse/XRENDERING-693",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-693"
},
{
"name": "https://jira.xwiki.org/browse/XRENDERING-792",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-792"
},
{
"name": "https://jira.xwiki.org/browse/XRENDERING-793",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XRENDERING-793"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-23378",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23378"
}
],
"source": {
"advisory": "GHSA-9xc6-c2rm-f27p",
"discovery": "UNKNOWN"
},
"title": "XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66474",
"datePublished": "2025-12-10T21:59:58.727Z",
"dateReserved": "2025-12-02T16:23:01.098Z",
"dateUpdated": "2025-12-11T15:39:27.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66473 (GCVE-0-2025-66473)
Vulnerability from cvelistv5
Published
2025-12-10 21:51
Modified
2025-12-11 15:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the /rest/wikis/xwiki/spaces resource returns all spaces on the wiki by default, which are basically all pages. This issue is fixed in versions 17.4.4 and 16.10.11.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-platform |
Version: < 16.10.11 Version: >= 17.0.0-rc-1, < 17.4.4 Version: >= 17.5.0-rc-1, < 17.7.0-rc-1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66473",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:39:41.356268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:39:53.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23355"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003c 16.10.11"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-rc-1, \u003c 17.4.4"
},
{
"status": "affected",
"version": "\u003e= 17.5.0-rc-1, \u003c 17.7.0-rc-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn\u0027t enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the /rest/wikis/xwiki/spaces resource returns all spaces on the wiki by default, which are basically all pages. This issue is fixed in versions 17.4.4 and 16.10.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:51:55.836Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-23355",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23355"
}
],
"source": {
"advisory": "GHSA-cc84-q3v3-mhgf",
"discovery": "UNKNOWN"
},
"title": "XWiki\u0027s REST APIs don\u0027t enforce any limits, leading to unavailability and OOM in large wikis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66473",
"datePublished": "2025-12-10T21:51:55.836Z",
"dateReserved": "2025-12-02T16:23:01.097Z",
"dateUpdated": "2025-12-11T15:39:53.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66472 (GCVE-0-2025-66472)
Vulnerability from cvelistv5
Published
2025-12-10 21:34
Modified
2025-12-11 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the "No" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-platform |
Version: org.xwiki.platform:xwiki-platform-flamingo-skin-resources >= 6.2-milestone-1, < 16.10.10 Version: org.xwiki.platform:xwiki-platform-flamingo-skin-resources >= 17.0.0-rc-1, < 17.4.2 Version: org.xwiki.platform:xwiki-platform-web-templates >= 6.2-milestone-1, < 16.10.10 Version: org.xwiki.platform:xwiki-platform-web-templates >= 17.0.0-rc-1, < 17.4.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-11T15:40:26.291295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-11T15:40:38.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-flamingo-skin-resources \u003e= 6.2-milestone-1, \u003c 16.10.10"
},
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-flamingo-skin-resources \u003e= 17.0.0-rc-1, \u003c 17.4.2"
},
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-web-templates \u003e= 6.2-milestone-1, \u003c 16.10.10"
},
{
"status": "affected",
"version": "org.xwiki.platform:xwiki-platform-web-templates \u003e= 17.0.0-rc-1, \u003c 17.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the \"No\" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-10T21:34:47.460Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vpr-jm38-wr7w"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/cb578b1b2910d06e9dd7581077072d1cfbd280f2"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-23244",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23244"
}
],
"source": {
"advisory": "GHSA-7vpr-jm38-wr7w",
"discovery": "UNKNOWN"
},
"title": "XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66472",
"datePublished": "2025-12-10T21:34:47.460Z",
"dateReserved": "2025-12-02T15:43:16.586Z",
"dateUpdated": "2025-12-11T15:40:38.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55749 (GCVE-0-2025-55749)
Vulnerability from cvelistv5
Published
2025-12-01 20:09
Modified
2025-12-01 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-platform |
Version: >= 16.7.0, < 16.10.11 Version: >= 17.0.0-rc1, < 17.4.4 Version: >= 17.5.0, < 17.7.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55749",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T20:34:46.305442Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T20:34:50.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 16.7.0, \u003c 16.10.11"
},
{
"status": "affected",
"version": "\u003e= 17.0.0-rc1, \u003c 17.4.4"
},
{
"status": "affected",
"version": "\u003e= 17.5.0, \u003c 17.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T20:09:46.410Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-53gx-j3p6-2rw9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-53gx-j3p6-2rw9"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/42fb063749dd88cc78196f72d7318b7179285ebd",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/42fb063749dd88cc78196f72d7318b7179285ebd"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/99a04a0e2143583f5154a43e02174155da7e8e10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/99a04a0e2143583f5154a43e02174155da7e8e10"
},
{
"name": "https://github.com/xwiki/xwiki-platform/compare/8b68d8a70b43f25391b3ee48477d7eb71b95cf4b...99a04a0e2143583f5154a43e02174155da7e8e10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/compare/8b68d8a70b43f25391b3ee48477d7eb71b95cf4b...99a04a0e2143583f5154a43e02174155da7e8e10"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-23438",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-23438"
}
],
"source": {
"advisory": "GHSA-53gx-j3p6-2rw9",
"discovery": "UNKNOWN"
},
"title": "The XWiki Jetty package (XJetty) allows accessing any application file through URL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-55749",
"datePublished": "2025-12-01T20:09:46.410Z",
"dateReserved": "2025-08-14T22:31:17.685Z",
"dateUpdated": "2025-12-01T20:34:50.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24893 (GCVE-0-2025-24893)
Vulnerability from cvelistv5
Published
2025-02-20 19:19
Modified
2025-10-30 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `<host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-platform |
Version: >= 5.3-milestone-2, < 15.10.11 Version: >= 16.0.0-rc-1, < 16.4.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24893",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:04.387333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24893"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T22:20:24.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24893"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00+00:00",
"value": "CVE-2025-24893 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3-milestone-2, \u003c 15.10.11"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-rc-1, \u003c 16.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to `\u003chost\u003e/xwiki/bin/get/Main/SolrSearch?media=rss\u0026text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28\"Hello%20from\"%20%2B%20\"%20search%20text%3A\"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20`. If there is an output, and the title of the RSS feed contains `Hello from search text:42`, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit `Main.SolrSearchMacros` in `SolrSearchMacros.xml` on line 955 to match the `rawResponse` macro in `macros.vm#L2824` with a content type of `application/xml`, instead of simply outputting the content of the feed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-95",
"description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:19:10.597Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/67021db9b8ed26c2236a653269302a86bf01ef40"
},
{
"name": "https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml#L955",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/blob/568447cad5172d97d6bbcfda9f6183689c2cf086/xwiki-platform-core/xwiki-platform-search/xwiki-platform-search-solr/xwiki-platform-search-solr-ui/src/main/resources/Main/SolrSearchMacros.xml#L955"
},
{
"name": "https://github.com/xwiki/xwiki-platform/blob/67021db9b8ed26c2236a653269302a86bf01ef40/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm#L2824",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/blob/67021db9b8ed26c2236a653269302a86bf01ef40/xwiki-platform-core/xwiki-platform-web/xwiki-platform-web-templates/src/main/resources/templates/macros.vm#L2824"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-22149",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-22149"
}
],
"source": {
"advisory": "GHSA-rr6p-3pfg-562j",
"discovery": "UNKNOWN"
},
"title": "Remote code execution as guest via SolrSearchMacros request in xwiki"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-24893",
"datePublished": "2025-02-20T19:19:10.597Z",
"dateReserved": "2025-01-27T15:32:29.451Z",
"dateUpdated": "2025-10-30T22:20:24.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}