Critical severityNVD Advisory· Published Sep 3, 2025· Updated Sep 3, 2025
XWiki Platform's configuration files can be accessed through the webjars API
CVE-2025-55747
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.xwiki.platform:xwiki-platform-webjars-apiMaven | >= 7.1.4, < 16.10.7 | 16.10.7 |
org.xwiki.platform:xwiki-platform-webjars-apiMaven | >= 17.0.0-rc-1, < 17.4.0-rc-1 | 17.4.0-rc-1 |
org.xwiki.platform:xwiki-platform-webjarsMaven | >= 6.1-miletone-2, <= 7.1.3 | — |
Affected products
3- ghsa-coords2 versionspkg:maven/org.xwiki.platform/xwiki-platform-webjarspkg:maven/org.xwiki.platform/xwiki-platform-webjars-api
>= 6.1-miletone-2, <= 7.1.3+ 1 more
- (no CPE)range: >= 6.1-miletone-2, <= 7.1.3
- (no CPE)range: >= 7.1.4, < 16.10.7
- Range: >= 6.1-milestone-2, < 16.10.7
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-qww7-89xh-x7m7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-55747ghsaADVISORY
- github.com/xwiki/xwiki-platform/commit/9e7b4c03f2143978d891109a17159f73d4cdd318ghsax_refsource_MISCWEB
- github.com/xwiki/xwiki-platform/security/advisories/GHSA-qww7-89xh-x7m7ghsax_refsource_CONFIRMWEB
- jira.xwiki.org/browse/XWIKI-19350ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.