Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-29926
Good to know:
Date: March 19, 2025
XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module.
Severity Score
Related Resources (6)
Severity Score
Top Fix
Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-wiki-rest-default:15.10.15;org.xwiki.platform:xwiki-platform-wiki-rest-default:16.4.6;org.xwiki.platform:xwiki-platform-wiki-rest-default:16.10.0;org.xwiki.platform:xwiki-platform-wiki-rest-default:15.10.15;org.xwiki.platform:xwiki-platform-wiki-rest-default:16.4.6;org.xwiki.platform:xwiki-platform-wiki-rest-default:16.10.0;https://github.com/xwiki/xwiki-platform.git - xwiki-platform-15.10.15;https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.4.6;https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.10.0
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |