
CVE-2025-49580
Good to know:

Date: June 13, 2025
XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to the execution of scripts contained in xobjects that should never have been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.
Weakness Type (CWE)
Incorrect Privilege Assignment
CWE-266

Top Fix

Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-refactoring-default:16.4.7; org.xwiki.platform:xwiki-platform-refactoring-default:16.10.4; org.xwiki.platform:xwiki-platform-refactoring-default:17.1.0-rc-1; https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.4.7; https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.10.4
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |