VYPR
Critical severityNVD Advisory· Published Sep 3, 2025· Updated Sep 3, 2025

XWiki Platform's configuration files can be accessed through the webjars API

CVE-2025-55747

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-webjars-apiMaven
>= 7.1.4, < 16.10.716.10.7
org.xwiki.platform:xwiki-platform-webjars-apiMaven
>= 17.0.0-rc-1, < 17.4.0-rc-117.4.0-rc-1
org.xwiki.platform:xwiki-platform-webjarsMaven
>= 6.1-miletone-2, <= 7.1.3

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.