VYPR
High severity · NVD Advisory · Published Jun 13, 2025 · Updated Jun 13, 2025

XWiki allows privilege escalation through link refactoring

CVE-2025-49580

Description

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.xwiki.platform:xwiki-platform-refactoring-default (Maven) | >= 17.0.0-rc-1, < 17.1.0-rc-1 | 17.1.0-rc-1 |
| org.xwiki.platform:xwiki-platform-refactoring-default (Maven) | >= 16.5.0-rc-1, < 16.10.4 | 16.10.4 |
| org.xwiki.platform:xwiki-platform-refactoring-default (Maven) | >= 8.2, < 16.4.7 | 16.4.7 |
| org.xwiki.platform:xwiki-platform-refactoring-default (Maven) | >= 7.4.5, < 16.4.7 | 16.4.7 |
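
An added example (not part of the advisory or of XWiki's code): a check of a deployed XWiki version against the affected ranges listed above, with release candidates ordered before the final release of the same number. The function names and the simplified handling of `-rc-N` and `-milestone-N` qualifiers are assumptions of this example.

```python
import re

# Ranges copied from the advisory table: (first affected, first patched).
# The lower bound is inclusive, the upper bound is exclusive.
AFFECTED_RANGES = [
    ("17.0.0-rc-1", "17.1.0-rc-1"),
    ("16.5.0-rc-1", "16.10.4"),
    ("8.2", "16.4.7"),
    ("7.4.5", "16.4.7"),
]

# Assumption: only these pre-release qualifiers are handled; a version
# without a qualifier is a final release and sorts after both.
_QUALIFIER_RANK = {"milestone": 0, "rc": 1}
_FINAL = 2
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(milestone|rc)-(\d+))?")


def version_key(version):
    """Turn '16.10.4' or '17.1.0-rc-1' into a tuple that sorts correctly."""
    m = _VERSION_RE.fullmatch(version.strip().lower())
    if not m:
        # Refuse to guess (for example on SNAPSHOT builds) rather than misreport.
        raise ValueError(f"unsupported version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so that 8.2 compares equal to 8.2.0
    if m.group(2):
        return (tuple(nums), _QUALIFIER_RANK[m.group(2)], int(m.group(3)))
    return (tuple(nums), _FINAL, 0)


def is_affected(version):
    """Return the matching (first affected, first patched) range, or None."""
    key = version_key(version)
    for lower, fixed in AFFECTED_RANGES:
        if version_key(lower) <= key < version_key(fixed):
            return (lower, fixed)
    return None


if __name__ == "__main__":
    # Constructed inventory of deployed versions, for illustration only.
    for deployed in ["16.4.6", "16.4.7", "16.10.3", "17.0.0", "17.1.0-rc-1"]:
        hit = is_affected(deployed)
        status = f"affected, upgrade to {hit[1]} or later" if hit else "not in an affected range"
        print(f"{deployed}: {status}")
```
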
