Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1qbTQzLWhycTctcjd3Ns4ABJCM

High CVSS: 8.5 EPSS: 0.00058% (0.18015 Percentile) EPSS:
Permalink JSON

XWiki allows privilege escalation through link refactoring

Affected Packages Affected Versions Fixed Versions
maven:org.xwiki.platform:xwiki-platform-refactoring-default >= 7.4.5, < 8.0-milestone-1, >= 8.2, < 16.4.7, >= 16.5.0-rc-1, < 16.10.4, >= 17.0.0-rc-1, < 17.1.0-rc-1 , 16.4.7, 16.10.4, 17.1.0-rc-1

Impact

Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed.
This vulnerability affects all version of XWiki since 8.2 and 7.4.5.

Patches

The patch consists in only setting the originalMetadataAuthor when performing such change, so that it's displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation).

This patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.

Workarounds

There's no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights.
Administrators are strongly advised to upgrade. If not possible, the patch only impacts module xwiki-platform-refactoring-default so it's possible to apply the commit and rebuild and deploy only that module.

CVSS explanation

Attack vector: Network - Always for XWiki.
Complexity: Low - The set of operations to perform the attack is quite easy.
Attack requirements: None - Any system is vulnerable, it doesn't depend on specific condition other than user interaction.
Privileges required: Low - The attacker only needs edit rights.
User interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page.
Confidentiality: High - The attack might lead to execution of any script.
Integrity: High - The attack might lead to execution of any script.
Availability: High - The attack might lead to execution of any script.
Subsequent system impacts: None for any criteria. Only current system is affected.

For more information

If you have any questions or comments about this advisory:

References:

Identifiers

GHSA-jm43-hrq7-r7w6

CVE-2025-49580

Risk

Severity

High

CVSS

CVSS Score: 8.5

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00058

EPSS Percentile: 0.18015

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/xwiki/xwiki-platform

Date and time

Published

about 2 months ago

Updated

about 2 months ago

API

JSON