CVE-2025-32429

Published Jul 24, 2025

Last updated 21 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32429 is a SQL injection vulnerability found in XWiki Platform, a generic wiki platform. The vulnerability affects versions 9.4-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. The vulnerability allows anyone to inject SQL code using the `sort` parameter of the `getdeleteddocuments.vm` template. The injected value is used as an `ORDER BY` value without sanitization. To address this vulnerability, XWiki has released patched versions 16.10.6 and 17.3.0-rc-1. There are no known workarounds besides upgrading XWiki.

Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it is possible for anyone to inject SQL through the sort parameter of the getdeleteddocuments.vm template; the value is used as-is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.
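The description states that the `sort` request parameter is placed into an ORDER BY clause as-is. The following added example (Python over an in-memory SQLite table; it is not XWiki code, and the table, column names and rows are constructed for the demo) shows that concatenation pattern next to an allow-list fix. The point it illustrates is that ORDER BY column names cannot be supplied as bound query parameters, so the fix is a mapping from the untrusted value onto a fixed set of known columns and directions, not a prepared-statement placeholder.

```python
import sqlite3

# Constructed demo schema standing in for a deleted-documents table. It is NOT
# XWiki's real schema; it only exists to show the ORDER BY handling pattern.
SCHEMA = """
CREATE TABLE deleted_documents (
    id        INTEGER PRIMARY KEY,
    full_name TEXT NOT NULL,
    deleter   TEXT NOT NULL,
    date      TEXT NOT NULL
);
INSERT INTO deleted_documents (full_name, deleter, date) VALUES
    ('Main.WebHome',    'XWiki.Alice', '2025-07-01'),
    ('Sandbox.Scratch', 'XWiki.Bob',   '2025-07-03'),
    ('Docs.FAQ',        'XWiki.Alice', '2025-07-02');
"""

BASE_QUERY = "SELECT full_name, deleter, date FROM deleted_documents"


def open_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def build_query_unsafe(sort):
    # Vulnerable pattern: the request parameter is concatenated straight into
    # the ORDER BY clause, so the caller controls SQL syntax, not just a column.
    return f"{BASE_QUERY} ORDER BY {sort}"


# Hardened pattern: map the untrusted value onto known column names and accept
# only a fixed set of directions. Anything else is rejected before any SQL is
# built. The keys are the externally visible sort names (constructed here).
ALLOWED_SORT_COLUMNS = {
    "fullName": "full_name",
    "deleter": "deleter",
    "date": "date",
}
ALLOWED_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_query_safe(sort, direction="asc"):
    column = ALLOWED_SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort!r}")
    order = ALLOWED_DIRECTIONS.get(direction.lower())
    if order is None:
        raise ValueError(f"unsupported sort direction: {direction!r}")
    # The column name now comes from our own table, never from the request.
    return f'{BASE_QUERY} ORDER BY "{column}" {order}'


def run_sorted(builder, sort, *args):
    """Execute the query produced by `builder` and return the full_name column."""
    conn = open_demo_db()
    try:
        return [row[0] for row in conn.execute(builder(sort, *args))]
    finally:
        conn.close()


def is_rejected(sort, direction="asc"):
    """True if the hardened builder refuses this sort value."""
    try:
        build_query_safe(sort, direction)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # A legitimate column name works with both builders.
    print(run_sorted(build_query_unsafe, "date"))
    print(run_sorted(build_query_safe, "date", "desc"))
    # An arbitrary SQL expression is evaluated by the unsafe builder, which is
    # exactly the class of input the advisory describes being passed through...
    print(run_sorted(build_query_unsafe, "length(full_name)"))
    # ...and refused outright by the hardened one.
    print(is_rejected("length(full_name)"))
```

In a real code base the same allow-list check belongs as close to the request parsing as possible, so that no template or query builder ever sees a raw `sort` string; logging the rejections also gives detection engineering a cheap signal for probing attempts.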
Source
security-advisories@github.com
NVD status
Analyzed
Products
xwiki

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-89

Social media

Hype score
Not currently trending
  1. csirt_it: ‼ #XWiki: a #PoC is available for the exploitation of CVE-2025-32429 Risk: 🟠 Type: 🔸 Security Restrictions Bypass 🔗 https://t.co/g84LA09UN9 ⚠ It is important to keep systems up to date https://t.co/KGVB9PRntD

    @Vulcanux_

    30 Jul 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ‼ #XWiki: a #PoC is available for the exploitation of CVE-2025-32429 Risk: 🟠 Type: 🔸 Security Restrictions Bypass 🔗 https://t.co/M1mgZfjCse ⚠ It is important to keep systems up to date https://t.co/DIuNYynsle

    @csirt_it

    30 Jul 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-32429 : A blind SQL Injection vulnerability checker #CVE-2025-32429 #blindSQLInjection #SQLInjection https://t.co/P2GWoQ5Ikg

    @d4rk_c0r3

    28 Jul 2025

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. ⚠️⚠️ CVE-2025-32429 : A blind SQL Injection vulnerability exists in XWiki Platform 🔥PoC: https://t.co/VULP986YbR 🎯6k+ Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/BDTmQwlPG8 FOFA Query:app="XWIKI-Platform" 🔖Refer:https:/

    @fofabot

    28 Jul 2025

    1949 Impressions

    13 Retweets

    38 Likes

    20 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨Alert🚨 :CVE-2025-32429 : A blind SQL Injection Vulnerability in XWiki Platform 🔥PoC :https://t.co/PHtFOpuRV0 📊6.9K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/a95SnTfdxo 👇Query HUNTER : https://t.co/q9rtuGfZuz="XWiki" ht

    @HunterMapping

    28 Jul 2025

    4369 Impressions

    29 Retweets

    90 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  6. Top 5 Trending CVEs: 1 - CVE-2021-27954 2 - CVE-2025-53770 3 - CVE-2025-23266 4 - CVE-2025-22230 5 - CVE-2025-32429 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jul 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. GitHub - byteReaper77/CVE-2025-32429: Exploit for CVE-2025-32429 – SQLi in XWiki REST API (getdeleteddocuments.vm). - https://t.co/RR1Qk2YjRg

    @piedpiper1616

    26 Jul 2025

    1144 Impressions

    13 Retweets

    13 Likes

    7 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 New CVE dropped: CVE-2025-32429 - Blind SQL Injection in XWiki - curl-based PoC in C released - GitHub:https://t.co/67EuhL943i #infosec #xwiki #cve #exploit

    @byte_reaper

    25 Jul 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2025-32429 SQL Injection Vulnerability in XWiki Platform Versions 9.4-rc-1 T... https://t.co/kqQJCR4KV4 Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    25 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-32429 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through … https://t.co/NFhkojZx4R

    @CVEnew

    24 Jul 2025

    402 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. [CVE-2025-32429: CRITICAL] Warning: XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2 have a SQL injection vulnerability. Update to secure versions 16.10.6 or 17.3.0-rc-1.#cve,CVE-2025-32429,#cybersecurity https://t.co/0zxHVBruW0 https://t.co/ucktTKG

    @CveFindCom

    24 Jul 2025

    63 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Configurations