Description

XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.

INFO

Published Date :

2025-06-13T17:47:07.105Z

Last Modified :

2025-06-13T18:07:37.038Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49586 vulnerability.

Vendors Products
Xwiki
  • Xwiki
  • Xwiki-platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49586.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42 cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7 cve-icon cve-icon
https://jira.xwiki.org/browse/XWIKI-22719 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact