Vulnerability in Xwiki Xwiki-platform
CVE-2025-49587
XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly maliciou…
EPSS: 0.006 (70.4th percentile)
Affected products
- Xwiki Xwiki-platform — versions >= 15.9-rc-1, < 15.10.16; >= 16.0.0-rc-1, < 16.4.7; >= 16.5.0-rc-1, < 16.10.2
Weakness classification (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j7p2-87q3-44w7 (x_refsource_CONFIRM)
- https://github.com/xwiki/xwiki-platform/commit/55c5d568c4dc4619f37397d00d14dcdeab9c252d (x_refsource_MISC)
- https://jira.xwiki.org/browse/XWIKI-22470 (x_refsource_MISC)