Vulnerability in Xwiki Xwiki-platform
CVE-2025-49583
XWiki is a generic wiki platform. When a user without script right creates a document with an `XWiki.Notifications.Code.NotificationEmailRendererClass` object, and later an admin edits and saves that document, the email templates in this o…
EPSS: 0.000 (13.6th percentile)
Affected products
- Xwiki Xwiki-platform, affected version ranges:
  - < 15.10.16
  - >= 16.0.0-rc-1, < 16.4.7
  - >= 16.5.0-rc-1, < 16.10.2
Weakness classification (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ff6v-w58f-v97w (x_refsource_CONFIRM)
- https://github.com/xwiki/xwiki-platform/commit/3d96bf3ceb167bf0213d63f0be1f7e1732eb0a92 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22471 (x_refsource_MISC)