Unauthorized Metadata Access in XWiki by XWiki SAS
CVE-2025-46554
Currently unrated
What is CVE-2025-46554?
XWiki contains an unauthorized access vulnerability: the wiki's attachment REST endpoint lets any user view the metadata of attachments. The endpoint applies no filtering based on user rights, so unauthenticated users can read this metadata even on private wikis. Multiple versions are affected. The issue is fixed in 14.10.22, 15.10.12, 16.4.3, and 16.7.0.
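Because the fix landed separately on several branches, a plain "greater than" comparison misjudges releases such as 15.10.11 or 16.5.0. The check below is an added example, not code from the advisory or the XWiki project. It assumes `major.minor[.patch][-suffix]` version strings, treats any suffixed build as a pre-release, and, since the advisory does not name the first affected version, flags every release below its branch's fix. Host names and the inventory are constructed.

```python
import re

# Fix releases named in the advisory, keyed by maintained branch (major, minor).
BRANCH_FIXES = {(14, 10): 22, (15, 10): 12, (16, 4): 3}
# First fixed release on the newest line; everything at or above it carries the fix.
MAINLINE_FIX = (16, 7, 0)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Return (major, minor, patch, is_release) for '15.10.12' or '16.7.0-rc-1'."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, suffix = match.groups()
    # Assumption: any '-suffix' marks a pre-release, which sorts below the final release.
    return int(major), int(minor), int(patch or 0), 0 if suffix else 1


def is_fixed(text):
    """True only if the version is at or above the fix for its own branch."""
    major, minor, patch, is_release = parse_version(text)
    if (major, minor, patch, is_release) >= MAINLINE_FIX + (1,):
        return True
    floor = BRANCH_FIXES.get((major, minor))
    # A higher version number on an unlisted branch (e.g. 16.5.x) is not a fix.
    return floor is not None and (patch, is_release) >= (floor, 1)


def needs_upgrade(inventory):
    """Return the hosts from a {host: version} mapping that lack the fix, sorted."""
    return sorted(host for host, version in inventory.items() if not is_fixed(version))


# Constructed inventory for illustration; host names and versions are made up.
SAMPLE_INVENTORY = {
    "wiki-a.example": "14.10.22",
    "wiki-b.example": "15.10.11",
    "wiki-c.example": "16.5.0",
    "wiki-d.example": "16.7.0-rc-1",
    "wiki-e.example": "17.1.0",
}

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below the fixed release for its branch")
```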