Unauthorized Metadata Access in XWiki by XWiki SAS
CVE-2025-46554
Currently unrated
What is CVE-2025-46554?
An unauthorized access vulnerability exists in XWiki that allows any user to view the metadata of attachments via the wiki's attachment REST endpoint. This flaw is present in multiple versions, enabling unauthenticated users to exploit the weakness, even in private wikis, as there are no user rights filtering mechanisms in place. The problem has been addressed in the newer versions, with patches available in 14.10.22, 15.10.12, 16.4.3, and 16.7.0.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.