CVE-2025-55747

Critical CVSS: 9.3

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.

Vendor

Xwiki

Product

Xwiki

CWE

CWE-23

Yayın Tarihi

2025-09-03 21:15:31

Güncelleme

2025-09-10 17:47:28

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-23 Xwiki CRITICAL Xwiki 2025

Referanslar

https://github.com/xwiki/xwiki-platform/commit/9e7b4c03f2143978d891109a17159f73d4cdd318#diff-45ea9c87d5fb68cd5db0da7f78cf25e76f1325f5fe56e21618b21786fc706236R80-R81 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qww7-89xh-x7m7 https://jira.xwiki.org/browse/XWIKI-19350

Benzer Kayıtlar

Medium

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0…

Medium

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-mi…

Medium

CVE-2025-65090

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights…

Critical

CVE-2025-65091

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right t…

High

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) int…

Medium

CVE-2025-66472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-mi…