- Description
- XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. Since version 15.9, XWiki warns when editing a page if the page contains content, such as a script macro, that would gain more rights as a result of the edit. This analysis doesn't consider certain kinds of properties, which allows a user to place malicious scripts in them that will be executed after a user with script, admin, or programming rights has edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
🚨 CVE-2025-32974 ⚠️🔴 CRITICAL (9.1) 🏢 xwiki - xwiki-platform 🏗️ >= 15.9-rc-1, < 15.10.8 🔗 https://t.co/i4CMSuE5se 🔗 https://t.co/ckqI4pF6v9 🔗 https://t.co/BBMTHT4JRc #CyberCron #VulnAlert #InfoSec https://t.co/8nXGX0yE4Y
@cybercronai
2 May 2025
CVE-2025-32974 XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't co… https://t.co/xM2rsDGXN9
@CVEnew
30 Apr 2025
[CVE-2025-32974: CRITICAL] XWiki versions 15.9 to 15.10.8 and 16.0.0 to 16.2.0 had a security flaw. Proper rights weren't checked leading to potential malicious code execution. Update to 15.10.8 or 16.2.0.#cve,CVE-2025-32974,#cybersecurity https://t.co/FaZq7cxntj https://t.co/PAx
@CveFindCom
30 Apr 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "533AB212-6F11-49BA-A6CA-D051515D0BEA",
            "versionEndExcluding": "15.10.8",
            "versionStartIncluding": "15.9"
          },
          {
            "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "045A8E1F-5210-4F17-AC25-0317FDD61BDA",
            "versionEndExcluding": "16.2.0",
            "versionStartIncluding": "16.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]