VYPR
Critical severityNVD Advisory· Published Sep 3, 2025· Updated Sep 3, 2025

XWiki Platform's configuration files can be accessed through jsx and sx endpoints

CVE-2025-55748

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false. This is fixed in version 16.10.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-skin-skinxMaven
>= 4.2-milestone-2, < 16.10.716.10.7

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.