Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 9.8-rc-1 through 16.4.6, 16.5.0-rc-1 through 16.10.4, and 17.0.0-rc-1 through 17.1.0, any user with editing rights can create an XClass with a database list property that references a password property. When adding an object of that XClass, the content of that password property is displayed. In practice, with a standard rights setup, this means that any user with an account on the wiki can access password hashes of all users, and possibly other password properties (with hashed or plain storage) that are on pages that the user can view. This issue is fixed in versions 16.4.7, 16.10.5 and 17.2.0-rc-1.

INFO

Published Date :

2025-08-05T23:28:07.166Z

Last Modified :

2025-08-06T20:28:10.785Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54124 vulnerability.

Vendors Products
Xwiki
  • Xwiki
  • Xwiki-platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54124.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/f2ca8649cba2ed3765061660bf5c7f801afa0b24 cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r38m-cgpg-qj69 cve-icon cve-icon
https://jira.xwiki.org/browse/XWIKI-22811 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact