CVE-2025-66473

High CVSS: 8.7

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the /rest/wikis/xwiki/spaces resource returns all spaces on the wiki by default, which are basically all pages. This issue is fixed in versions 17.4.4 and 16.10.11.

Vendor

Xwiki

Product

Xwiki

CWE

CWE-770

Yayın Tarihi

2025-12-10 22:16:27

Güncelleme

2025-12-19 17:14:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Xwiki HIGH Xwiki 2025

Referanslar

https://github.com/xwiki/xwiki-platform/commit/e3c47745195fb445b054537be86f5c01ee69558b https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cc84-q3v3-mhgf https://jira.xwiki.org/browse/XWIKI-23355 https://jira.xwiki.org/browse/XWIKI-23355

Benzer Kayıtlar

Medium

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0…

Medium

CVE-2026-24128

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-mi…

Medium

CVE-2025-65090

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights…

Critical

CVE-2025-65091

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.5, users with the right t…

High

CVE-2025-66474

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) int…

Medium

CVE-2025-66472

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-mi…