VYPR
High severityNVD Advisory· Published Mar 19, 2025· Updated Mar 19, 2025

The WikiManager REST API allows any user to create wikis

CVE-2025-29926

Description

XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so performs other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-wiki-rest-defaultMaven
>= 5.4-rc-1, < 15.10.1515.10.15
org.xwiki.platform:xwiki-platform-wiki-rest-defaultMaven
>= 16.0.0-rc-1, < 16.4.616.4.6
org.xwiki.platform:xwiki-platform-wiki-rest-defaultMaven
>= 16.5.0-rc-1, < 16.10.016.10.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.