XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7.
History

Wed, 03 Sep 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Sep 2025 20:30:00 +0000

Type Values Removed Values Added
Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7.
Title XWiki Platform's configuration files can be accessed through jsx and sx endpoints
Weaknesses CWE-23
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-09-03T20:47:51.121Z

Reserved: 2025-08-14T22:31:17.685Z

Link: CVE-2025-55748

cve-icon Vulnrichment

Updated: 2025-09-03T20:47:47.600Z

cve-icon NVD

Status : Received

Published: 2025-09-03T21:15:32.460

Modified: 2025-09-03T21:15:32.460

Link: CVE-2025-55748

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.