Vulnerability in Xwiki Xwiki-platform
CVE-2025-49585
XWiki is a generic wiki platform. In versions before 15.10.16, 16.0.0-rc-1 through 16.4.6, and 16.5.0-rc-1 through 16.10.1, when an attacker without script or programming right creates an XClass definition in XWiki (requires edit right), a…
EPSS: 0.006 (70.4th percentile)
Affected products
- Xwiki Xwiki-platform: versions < 15.10.16; >= 16.0.0-rc-1 and < 16.4.7; >= 16.5.0-rc-1 and < 16.10.2
Weakness classification (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-59w6-r9hm-439h (x_refsource_CONFIRM)
- https://github.com/xwiki/xwiki-platform/commit/385bde985cdb61ebf315d30c0b144b6d2e2c2d45 (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22476 (x_refsource_MISC)