Authentication Bypass in XWiki Affects Multiple Versions
CVE-2025-46557
Currently unrated
What is CVE-2025-46557?
In XWiki versions 15.3-rc-1 to before 15.10.14, 16.0.0-rc-1 to before 16.4.6, and 16.5.0-rc-1 to before 16.10.0-rc-1, a user with access to the XWiki space can manipulate the authentication method through the XWiki.Authentication.Administration page. The risk is greatest when no secure authenticator is configured in xwiki.cfg: in that case the default Standard XWiki Authenticator could be exploited, potentially allowing unauthorized changes to authentication settings. The vulnerability underlines the importance of locking down authentication configuration and keeping installations up to date so that the fixed versions are in place.
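The following Python script is an added triage example, not part of the advisory or of XWiki's own code. It encodes the three affected version ranges stated above (release candidates sort before the corresponding final release, so 16.10.0-rc-1 is the first unaffected build of the 16.5 line) and checks whether an xwiki.cfg explicitly sets an authenticator class. The xwiki.cfg key name `xwiki.authentication.authclass` is an assumption made for this example, and the sample configuration embedded in the script is constructed.

```python
"""Triage helper for CVE-2025-46557 (added example, not from the advisory).

Answers two questions a defender wants settled quickly:
  1. Does a given XWiki version fall inside one of the affected ranges
     the advisory lists?
  2. Does xwiki.cfg explicitly configure an authenticator class
     (assumed key: xwiki.authentication.authclass)? The advisory notes
     the risk is greatest when no secure authenticator is configured.
"""
import re

# Affected ranges taken from the advisory text: [lower, upper) per line.
AFFECTED_RANGES = [
    ("15.3-rc-1", "15.10.14"),
    ("16.0.0-rc-1", "16.4.6"),
    ("16.5.0-rc-1", "16.10.0-rc-1"),
]

AUTHCLASS_KEY = "xwiki.authentication.authclass"  # assumed xwiki.cfg key

# major[.minor[.patch]] with an optional "-rc-N" release-candidate suffix
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-rc-(\d+))?$", re.IGNORECASE)


def parse_version(version):
    """Turn '16.4.6' or '15.3-rc-1' into a comparable tuple.

    Missing components are treated as 0, so '15.3' == '15.3.0'.
    A release candidate sorts *before* the final release of the same
    number: (major, minor, patch, 0, rc_number) < (major, minor, patch, 1, 0).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    major, minor, patch, rc = m.groups()
    nums = (int(major), int(minor or 0), int(patch or 0))
    if rc is None:
        return (*nums, 1, 0)
    return (*nums, 0, int(rc))


def is_affected(version):
    """True if the version lies in any advisory-listed [lower, upper) range."""
    v = parse_version(version)
    return any(parse_version(low) <= v < parse_version(high) for low, high in AFFECTED_RANGES)


def configured_authclass(cfg_text):
    """Return the explicitly configured authenticator class, or None.

    Lines starting with '#' or '!' are comments (Java properties syntax),
    so a commented-out authclass line does not count as configured.
    """
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("!"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == AUTHCLASS_KEY:
            return value.strip() or None
    return None


def triage(version, cfg_text):
    """Summarise exposure. An affected version combined with no explicit
    authenticator is the worst case the advisory describes."""
    affected = is_affected(version)
    authclass = configured_authclass(cfg_text)
    return {
        "version": version,
        "affected_version": affected,
        "authclass": authclass,
        "needs_attention": affected and authclass is None,
    }


# Constructed sample xwiki.cfg: the authclass line is commented out, i.e. unset.
SAMPLE_CFG = """\
# xwiki.cfg (constructed sample for this example)
#-# Uncomment to select a non-default authenticator
# xwiki.authentication.authclass=com.example.SomeAuthService
"""

if __name__ == "__main__":
    for ver in ("15.10.13", "16.4.6", "16.9.0", "16.10.0-rc-1"):
        print(triage(ver, SAMPLE_CFG))
```

Run it against the version reported by the wiki instance and the real xwiki.cfg; a result with `needs_attention` set to true means the host is both on an affected build and relying on the default authenticator, which is the combination to prioritise for upgrade.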