csaf_certbund - wid-sec-w-2025-0898

wid-sec-w-2025-0898

Vulnerability from csaf_certbund

Published

2025-04-28 22:00

Modified

2025-04-28 22:00

Summary

xwiki: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

XWiki ist eine Open-Source-Wiki-Software-Plattform, für die Erstellung und Verwaltung von Wikis und Knowledge-Management-Systemen

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in xwiki ausnutzen, um falsche Informationen darzustellen, einen Denial-of-Service auszulösen, Benutzerrechte zu erlangen oder Cross-Site-Scripting durchzuführen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "XWiki ist eine Open-Source-Wiki-Software-Plattform, f\u00fcr die Erstellung und Verwaltung von Wikis und Knowledge-Management-Systemen",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in xwiki ausnutzen, um falsche Informationen darzustellen, einen Denial-of-Service auszul\u00f6sen, Benutzerrechte zu erlangen oder Cross-Site-Scripting durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0898 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0898.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0898 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0898"
      },
      {
        "category": "external",
        "summary": "xwiki GitHub vom 2025-04-28",
        "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96"
      },
      {
        "category": "external",
        "summary": "xwiki GitHub vom 2025-04-28",
        "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-987p-r3jc-8c8v"
      },
      {
        "category": "external",
        "summary": "xwiki GitHub vom 2025-04-28",
        "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rp38-24m3-rx87"
      },
      {
        "category": "external",
        "summary": "xwiki GitHub vom 2025-04-28",
        "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x7wv-5qg4-vmr6"
      },
      {
        "category": "external",
        "summary": "xwiki GitHub vom 2025-04-28",
        "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r"
      }
    ],
    "source_lang": "en-US",
    "title": "xwiki: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-04-28T22:00:00.000+00:00",
      "generator": {
        "date": "2025-04-29T11:16:31.102+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-0898",
      "initial_release_date": "2025-04-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.10.13",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.13",
                  "product_id": "T043197"
                }
              },
              {
                "category": "product_version",
                "name": "15.10.13",
                "product": {
                  "name": "Open Source xwiki 15.10.13",
                  "product_id": "T043197-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:15.10.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.4.4",
                "product": {
                  "name": "Open Source xwiki \u003c16.4.4",
                  "product_id": "T043198"
                }
              },
              {
                "category": "product_version",
                "name": "16.4.4",
                "product": {
                  "name": "Open Source xwiki 16.4.4",
                  "product_id": "T043198-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:16.4.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.8.0",
                "product": {
                  "name": "Open Source xwiki \u003c16.8.0",
                  "product_id": "T043199"
                }
              },
              {
                "category": "product_version",
                "name": "16.8.0",
                "product": {
                  "name": "Open Source xwiki 16.8.0",
                  "product_id": "T043199-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:16.8.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.8.0-rc-1",
                "product": {
                  "name": "Open Source xwiki \u003c16.8.0-rc-1",
                  "product_id": "T043200"
                }
              },
              {
                "category": "product_version",
                "name": "16.8.0-rc-1",
                "product": {
                  "name": "Open Source xwiki 16.8.0-rc-1",
                  "product_id": "T043200-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:16.8.0-rc-1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.10.12",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.12",
                  "product_id": "T043201"
                }
              },
              {
                "category": "product_version",
                "name": "15.10.12",
                "product": {
                  "name": "Open Source xwiki 15.10.12",
                  "product_id": "T043201-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:15.10.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.4.3",
                "product": {
                  "name": "Open Source xwiki \u003c16.4.3",
                  "product_id": "T043202"
                }
              },
              {
                "category": "product_version",
                "name": "16.4.3",
                "product": {
                  "name": "Open Source xwiki 16.4.3",
                  "product_id": "T043202-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:16.4.3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.10.8",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.8",
                  "product_id": "T043203"
                }
              },
              {
                "category": "product_version",
                "name": "15.10.8",
                "product": {
                  "name": "Open Source xwiki 15.10.8",
                  "product_id": "T043203-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:15.10.8"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.2.0",
                "product": {
                  "name": "Open Source xwiki \u003c16.2.0",
                  "product_id": "T043204"
                }
              },
              {
                "category": "product_version",
                "name": "16.2.0",
                "product": {
                  "name": "Open Source xwiki 16.2.0",
                  "product_id": "T043204-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:xwiki:16.2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "xwiki"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32970",
      "product_status": {
        "known_affected": [
          "T043197",
          "T043198",
          "T043199"
        ]
      },
      "release_date": "2025-04-28T22:00:00.000+00:00",
      "title": "CVE-2025-32970"
    },
    {
      "cve": "CVE-2025-32971",
      "product_status": {
        "known_affected": [
          "T043197",
          "T043198",
          "T043200"
        ]
      },
      "release_date": "2025-04-28T22:00:00.000+00:00",
      "title": "CVE-2025-32971"
    },
    {
      "cve": "CVE-2025-32972",
      "product_status": {
        "known_affected": [
          "T043201",
          "T043202",
          "T043200"
        ]
      },
      "release_date": "2025-04-28T22:00:00.000+00:00",
      "title": "CVE-2025-32972"
    },
    {
      "cve": "CVE-2025-32973",
      "product_status": {
        "known_affected": [
          "T043201",
          "T043202",
          "T043200"
        ]
      },
      "release_date": "2025-04-28T22:00:00.000+00:00",
      "title": "CVE-2025-32973"
    },
    {
      "cve": "CVE-2025-32974",
      "product_status": {
        "known_affected": [
          "T043203",
          "T043204"
        ]
      },
      "release_date": "2025-04-28T22:00:00.000+00:00",
      "title": "CVE-2025-32974"
    }
  ]
}

CVE-2025-32970 (GCVE-0-2025-32970)

Vulnerability from cvelistv5

Published

2025-04-30 14:54

Modified

2025-04-30 15:19

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Summary

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0.

References

►

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/6dab7909f45deb00efd36a0cd47788e95ad64802	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-22487	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 13.5-rc-1, < 15.10.13 Version: >= 16.0.0-rc-1, < 16.4.4 Version: >= 16.5.0-rc-1, < 16.8.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32970",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:19:08.694162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:19:11.652Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-22487"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 13.5-rc-1, \u003c 15.10.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T14:54:52.008Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/6dab7909f45deb00efd36a0cd47788e95ad64802",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/6dab7909f45deb00efd36a0cd47788e95ad64802"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22487",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22487"
        }
      ],
      "source": {
        "advisory": "GHSA-pjhg-9wr9-rj96",
        "discovery": "UNKNOWN"
      },
      "title": "org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32970",
    "datePublished": "2025-04-30T14:54:52.008Z",
    "dateReserved": "2025-04-14T21:47:11.455Z",
    "dateUpdated": "2025-04-30T15:19:11.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32974 (GCVE-0-2025-32974)

Vulnerability from cvelistv5

Published

2025-04-30 14:55

Modified

2025-04-30 15:15

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-116 - Improper Encoding or Escaping of Output
CWE-269 - Improper Privilege Management

Summary

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0.

References

►

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/153dbfa2ef1a7a0a644fe3f889684c6a8738c5fc	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-22002	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 15.9-rc-1, < 15.10.8 Version: >= 16.0.0-rc-1, < 16.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32974",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:15:48.847625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:15:51.720Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-22002"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 15.9-rc-1, \u003c 15.10.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn\u0027t consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn\u0027t consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116: Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T14:55:01.470Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/153dbfa2ef1a7a0a644fe3f889684c6a8738c5fc",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/153dbfa2ef1a7a0a644fe3f889684c6a8738c5fc"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22002",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22002"
        }
      ],
      "source": {
        "advisory": "GHSA-mvgm-3rw2-7j4r",
        "discovery": "UNKNOWN"
      },
      "title": "org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn\u0027t consider TextAreas with default content type"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32974",
    "datePublished": "2025-04-30T14:55:01.470Z",
    "dateReserved": "2025-04-14T21:47:11.455Z",
    "dateUpdated": "2025-04-30T15:15:51.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32972 (GCVE-0-2025-32972)

Vulnerability from cvelistv5

Published

2025-04-30 14:54

Modified

2025-04-30 15:17

Severity ?

2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-285 - Improper Authorization

Summary

XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.

References

►

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rp38-24m3-rx87	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/91752122d8782f171f8728004a57bdaefc34253e	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-22462	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 6.1-milestone-1, < 15.10.12 Version: >= 16.0.0-rc-1, < 16.4.3 Version: >= 16.5.0-rc-1, < 16.8.0-rc-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32972",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:17:27.713068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:17:31.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-22462"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 6.1-milestone-1, \u003c 15.10.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.8.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T14:54:58.945Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rp38-24m3-rx87",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rp38-24m3-rx87"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/91752122d8782f171f8728004a57bdaefc34253e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/91752122d8782f171f8728004a57bdaefc34253e"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22462",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22462"
        }
      ],
      "source": {
        "advisory": "GHSA-rp38-24m3-rx87",
        "discovery": "UNKNOWN"
      },
      "title": "The lesscss script service allows cache clearing without programming right"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32972",
    "datePublished": "2025-04-30T14:54:58.945Z",
    "dateReserved": "2025-04-14T21:47:11.455Z",
    "dateUpdated": "2025-04-30T15:17:31.398Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32973 (GCVE-0-2025-32973)

Vulnerability from cvelistv5

Published

2025-04-30 14:55

Modified

2025-04-30 15:15

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-862 - Missing Authorization

Summary

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.

References

►

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x7wv-5qg4-vmr6	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/1a6f1b2e050770331c9a63d12a3fd8a36d199f62	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-22460	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 15.9-rc-1, < 15.10.12 Version: >= 16.0.0-rc-1, < 16.4.3 Version: >= 16.5.0-rc-1, < 16.8.0-rc-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32973",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:14:58.263524Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:15:04.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-22460"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 15.9-rc-1, \u003c 15.10.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.8.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T14:55:04.478Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x7wv-5qg4-vmr6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x7wv-5qg4-vmr6"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/1a6f1b2e050770331c9a63d12a3fd8a36d199f62",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/1a6f1b2e050770331c9a63d12a3fd8a36d199f62"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22460",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22460"
        }
      ],
      "source": {
        "advisory": "GHSA-x7wv-5qg4-vmr6",
        "discovery": "UNKNOWN"
      },
      "title": "org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32973",
    "datePublished": "2025-04-30T14:55:04.478Z",
    "dateReserved": "2025-04-14T21:47:11.455Z",
    "dateUpdated": "2025-04-30T15:15:04.046Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-32971 (GCVE-0-2025-32971)

Vulnerability from cvelistv5

Published

2025-04-30 14:54

Modified

2025-04-30 15:18

Severity ?

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-863 - Incorrect Authorization

Summary

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's scripting API normally requires programming rights to be called. Due to using the wrong API for checking rights, it doesn't take the fact into account that programming rights might have been dropped by calling `$xcontext.dropPermissions()`. If some code relies on this for the safety of executing Velocity code with the wrong author context, this could allow a user with script rights to either cause a high load by indexing documents or to temporarily remove documents from the search index. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0-rc-1.

References

►

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-987p-r3jc-8c8v	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/6570f40f976aec82baf388b5239d1412cab238c9	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-22474	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: >= 4.5.1, < 15.10.13 Version: >= 16.0.0-rc-1, < 16.4.4 Version: >= 16.5.0-rc-1, < 16.8.0-rc-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32971",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:18:24.466320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:18:28.533Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-987p-r3jc-8c8v"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-22474"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.5.1, \u003c 15.10.13"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.8.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn\u0027t take dropped programming rights into account. The Solr script service that is accessible in XWiki\u0027s scripting API normally requires programming rights to be called. Due to using the wrong API for checking rights, it doesn\u0027t take the fact into account that programming rights might have been dropped by calling `$xcontext.dropPermissions()`. If some code relies on this for the safety of executing Velocity code with the wrong author context, this could allow a user with script rights to either cause a high load by indexing documents or to temporarily remove documents from the search index. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0-rc-1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T14:54:55.124Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-987p-r3jc-8c8v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-987p-r3jc-8c8v"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/6570f40f976aec82baf388b5239d1412cab238c9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/6570f40f976aec82baf388b5239d1412cab238c9"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22474",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22474"
        }
      ],
      "source": {
        "advisory": "GHSA-987p-r3jc-8c8v",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Solr script service doesn\u0027t take dropped programming right into account"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32971",
    "datePublished": "2025-04-30T14:54:55.124Z",
    "dateReserved": "2025-04-14T21:47:11.455Z",
    "dateUpdated": "2025-04-30T15:18:28.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-0898

Vulnerability from csaf_certbund

CVE-2025-32970 (GCVE-0-2025-32970)

Vulnerability from cvelistv5

CVE-2025-32974 (GCVE-0-2025-32974)

Vulnerability from cvelistv5

CVE-2025-32972 (GCVE-0-2025-32972)

Vulnerability from cvelistv5

CVE-2025-32973 (GCVE-0-2025-32973)

Vulnerability from cvelistv5

CVE-2025-32971 (GCVE-0-2025-32971)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature