QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-66473

Back to search

CVE-2025-66473

Published: Dec 10, 2025

Modified: Dec 11, 2025

PUBLISHED

Description

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of pages in the wiki and the memory configuration, this can lead to slowness and unavailability of the wiki. As an example, the /rest/wikis/xwiki/spaces resource returns all spaces on the wiki by default, which are basically all pages. This issue is fixed in versions 17.4.4 and 16.10.11.

VendorProductVersions

xwiki

xwiki-platform

affected
< 16.10.11
affected
>= 17.0.0-rc-1, < 17.4.4
affected
>= 17.5.0-rc-1, < 17.7.0-rc-1

Weaknesses (CWE)

CWE-770

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now