CVE-2025-49586
Description
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.551
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-49586,CVE-2024-56158 are fixed in Xwiki-platform-oldcore 16.4.7 | Windows |
| Vulnerabilities CVE-2025-49586 are fixed in Xwiki-platform-oldcore 16.10.3 | Windows |
| Vulnerabilities CVE-2025-49586 are fixed in Xwiki-platform-oldcore 17.0.0 | Windows |
| Vulnerabilities CVE-2025-49586,CVE-2024-56158,CVE-2025-54125,CVE-2025-54124 are fixed in Xwiki-platform-oldcore 16.4.7 | Windows |
| Vulnerabilities CVE-2025-49586,CVE-2024-56158 are fixed in Xwiki-platform-oldcore for Linux 16.4.7 | Linux |
| Vulnerabilities CVE-2025-49586 are fixed in Xwiki-platform-oldcore for Linux 16.10.3 | Linux |
| Vulnerabilities CVE-2025-49586 are fixed in Xwiki-platform-oldcore for Linux 17.0.0 | Linux |
| Vulnerabilities CVE-2025-49586,CVE-2024-56158,CVE-2025-54125,CVE-2025-54124 are fixed in Xwiki-platform-oldcore for Linux 16.4.7 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234