CVE-2025-49586

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49586
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
CVSS

No CVSS.

References
Link Resource
https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7
https://jira.xwiki.org/browse/XWIKI-22719
Configurations

No configuration.

History

13 Jun 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-13 18:15

Updated : 2025-06-13 18:15

NVD link : CVE-2025-49586

Mitre link : CVE-2025-49586

JSON object : View

Products Affected

No product.

CWE
CWE-863

Incorrect Authorization