Vulnerability in Xwiki Xwiki-platform
CVE-2025-49582
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These…
EPSS: 0.013 (80.1th percentile)
Affected products
- Xwiki Xwiki-platform — versions >= 15.9-rc-1, < 16.4.7; >= 16.5.0-rc-1, < 16.10.3; >= 17.0.0-rc-1, < 17.0.0
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c32m-27pj-4xcj (x_refsource_CONFIRM)
- https://github.com/xwiki/xwiki-platform/commit/0a705e8e253cb871b804e25c53b2bde879c886bd (x_refsource_MISC)
- https://github.com/xwiki/xwiki-platform/commit/3d451e957fe2b14459e9ac64172b4a0e4c46971c (x_refsource_MISC)
- https://github.com/xwiki/xwiki-platform/commit/abdcefc0db27035b67329add836fd683e0cf92b8 (x_refsource_MISC)
- https://github.com/xwiki/xwiki-platform/commit/cc74dc802efe0e2d3fa2ba3355dbadc51c5fd8c7 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22758 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22759 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22763 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22799 (x_refsource_MISC)