216.73.217.64

CVE-2025-29926

· Published 19/03/2025 18:15 · Modified 19/03/2025 18:15

Labels: CVE-2025-29926 2025-03-19CVE-2025-29926CWE-285[email protected]

Essential information

Published
19/03/2025 18:15
Modified
19/03/2025 18:15
Author
Creator
CVSS
7.9 HIGH (v3) 7.9 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
xwiki / xwiki platform cpe:2.3:a:xwiki:xwiki_platform:*:*:*:*:*:*:*:*
xwiki / xwiki platform cpe:2.3:a:xwiki:xwiki_platform:15.10.15:*:*:*:*:*:*:*
xwiki / xwiki platform cpe:2.3:a:xwiki:xwiki_platform:16.4.6:*:*:*:*:*:*:*
xwiki / xwiki platform cpe:2.3:a:xwiki:xwiki_platform:16.10.0:*:*:*:*:*:*:*

References