Sensitive Data Exposure in XWiki Platform Product by XWiki
CVE-2025-58049

5.8 MEDIUM

Key Information:

Vendor: XWiki

CVE Published: 28 August 2025

What is CVE-2025-58049?

In XWiki Platform versions from 14.4.2 up to, but not including, 16.4.8, along with specific release candidates, sensitive cookies are stored unencrypted in job statuses during PDF export jobs. This flaw could expose plaintext passwords to anyone who gains access to system backups. XWiki has released patches in later versions to mitigate this issue, ensuring sensitive information is managed securely.

Affected Version(s)

xwiki-platform >= 14.4.2, < 16.4.8 < 14.4.2, 16.4.8

xwiki-platform >= 16.5.0-rc-1, < 16.10.7 < 16.5.0-rc-1, 16.10.7

xwiki-platform >= 17.0.0-rc-1, < 17.4.0-rc-1 < 17.0.0-rc-1, 17.4.0-rc-1

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved