Home > Vulnerability Database > CVE-2025-48885

Mend.io Vulnerability Database

CVE-2025-48885

Good to know:

Date: May 30, 2025

application-urlshortener create shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests) can create these docs, even if they don't exist already. This can enable guest users to denature the structure of wiki pages, by creating 1000's of pages with random name, that then become very difficult to handle by admins. Version 1.2.4 fixes the issue. No known workarounds are available.

Severity Score

6.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-48885

Url: https://github.com/xwikisas/application-urlshortener/commit/f121a9c973fd25948e82efcb6289d53fe00a9e7d

Url: https://github.com/xwikisas/application-urlshortener/security/advisories/GHSA-c57g-9v2r-w8v3

Url: https://www.mend.io/vulnerability-database/CVE-2025-48885

Severity Score

6.5

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version https://github.com/xwikisas/application-urlshortener.git - application-urlshortener-1.2.4

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-48885

Good to know:

Date: May 30, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?