Remote Code Execution Vulnerability in XWiki by XWiki SAS
CVE-2025-49586
8.7HIGH
What is CVE-2025-49586?
XWiki, an open-source wiki software platform, contains a vulnerability that allows any user with edit rights in at least one App Within Minutes application to execute arbitrary code remotely. This susceptibility arises from the editing capabilities of the application, enabling potential exploitation by malicious actors. Users are encouraged to upgrade to XWiki 17.0.0, 16.4.7, or 16.10.3 to mitigate this risk. For further technical details, please refer to the advisory.
Affected Version(s)
xwiki-platform >= 7.2-milestone-2, < 16.4.7 < 7.2-milestone-2, 16.4.7
xwiki-platform >= 16.5.0-rc-1, < 16.10.3 < 16.5.0-rc-1, 16.10.3
xwiki-platform >= 17.0.0-rc-1, < 17.0.0 < 17.0.0-rc-1, 17.0.0
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved