What is CVE-2025-32969?

CVE-2025-32969 is a vulnerability in Xwiki Xwiki-platform, classified under SQL Injection. Published 2025-04-23.

Is CVE-2025-32969 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Xwiki Xwiki-platform

CVE-2025-32969

XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to exec…

Vulnerability class: SQL Injection

EPSS: 0.779 (99.5th percentile) — read the EPSS interpretation.

Affected products

Xwiki Xwiki-platform — versions >= 1.8, < 15.10.16, >= 16.0.0-rc-1, < 16.4.6, >= 16.5.0-rc-1, < 16.10.1

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf (x_refsource_CONFIRM)
https://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113 (x_refsource_MISC)
https://jira.xwiki.org/browse/XWIKI-22691 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-32969?: CVE-2025-32969 is a vulnerability in Xwiki Xwiki-platform, classified under SQL Injection. Published 2025-04-23.
Is CVE-2025-32969 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.