
CVE-2025-49586
Good to know:

Date: June 13, 2025
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all XWiki users) can obtain programming right and perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
Severity Score
Weakness Type (CWE)
Incorrect Authorization
CWE-863

Top Fix

Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-oldcore:16.4.7; org.xwiki.platform:xwiki-platform-oldcore:16.10.3; org.xwiki.platform:xwiki-platform-oldcore:17.0.0; https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.4.7; https://github.com/xwiki/xwiki-platform.git - xwiki-platform-16.10.3
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |