CVE-2025-55749

EUVD-2025-200075 | HIGH 7.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 - 13:34 (euvd), EUVD-2025-200075
Analysis Generated: Mar 15, 2026 - 13:34 (vuln.today)
Patch Released: Mar 15, 2026 - 13:34 (nvd), Patch available
CVE Published: Dec 01, 2025 - 21:15 (nvd), HIGH 7.5

Description

XWiki is an open-source wiki software platform. From version 16.7.0 up to the fixed releases 16.10.11, 17.4.4, and 17.7.0, an instance that uses the XWiki Jetty package (XJetty) exposes a context that gives static access to any file located in the webapp/ folder. This allows access to files that might contain credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.

Technical Context

This vulnerability is classified as Improper Access Control (CWE-284).

Affected Products

Affected products: Xwiki Xwiki

Remediation

A vendor patch is available: the issue is fixed in XWiki 16.10.11, 17.4.4, and 17.7.0. Apply it as soon as possible and verify the fix.

Priority Score

39
KEV: 0
EPSS: +1.8
CVSS: +38
POC: 0
