CVE-2025-55749
Description
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.267
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources 16.10.11 | Windows |
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources 17.4.4 | Windows |
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources 17.7.0 | Windows |
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources for Linux 16.10.11 | Linux |
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources for Linux 17.4.4 | Linux |
| Vulnerabilities CVE-2025-55749 are fixed in XWiki - xwiki-platform-tool-jetty-resources for Linux 17.7.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234