Back to search
CVE-2025-49580
Published: Jun 13, 2025
Modified: Jun 13, 2025
PUBLISHED
Description
XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7.
| Vendor | Product | Versions |
|---|---|---|
xwiki | xwiki-platform | affected >= 17.0.0-rc-1, < 17.1.0-rc-1affected >= 16.5.0-rc-1, < 16.10.4affected >= 8.2, < 16.4.7affected >= 7.4.5, < 8.0-milestone-1 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now