XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7.
Metrics
Affected Vendors & Products
References
History
Wed, 03 Sep 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 03 Sep 2025 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`. This is fixed in version 16.10.7. | |
Title | XWiki Platform's configuration files can be accessed through jsx and sx endpoints | |
Weaknesses | CWE-23 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-09-03T20:47:51.121Z
Reserved: 2025-08-14T22:31:17.685Z
Link: CVE-2025-55748

Updated: 2025-09-03T20:47:47.600Z

Status : Received
Published: 2025-09-03T21:15:32.460
Modified: 2025-09-03T21:15:32.460
Link: CVE-2025-55748

No data.

No data.