Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 03 Sep 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Xwiki xwiki
|
|
CPEs | cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* | |
Vendors & Products |
Xwiki xwiki
|
|
Metrics |
cvssV3_1
|
Tue, 15 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Fri, 13 Jun 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Fri, 13 Jun 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 13 Jun 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability is fixed in 17.1.0-rc-1, 16.10.4, and 16.4.7. | |
Title | XWiki allows privilege escalation through link refactoring | |
Weaknesses | CWE-266 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-06-13T18:09:04.665Z
Reserved: 2025-06-06T15:44:21.555Z
Link: CVE-2025-49580

Updated: 2025-06-13T15:56:15.771Z

Status : Analyzed
Published: 2025-06-13T16:15:27.417
Modified: 2025-09-03T17:52:44.700
Link: CVE-2025-49580

No data.

Updated: 2025-06-23T09:16:30Z