CVE-2025-32971

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Apr 30, 2025
Updated: May 13, 2025
CWE ID 863

Summary

CVE-2025-32971 affects XWiki versions 4.5.1 to before 15.10.13, 16.0.0-rc-1 to before 16.4.4, and 16.5.0-rc-1 to before 16.8.0-rc-1. The issue lies in the Solr script service, which fails to consider dropped programming rights when checking access. Though normally requiring programming rights for execution, the service does not account for the `$xcontext.dropPermissions()` call, enabling users with script rights to potentially cause a high load by indexing documents or temporarily remove documents from the search index. This vulnerability has been addressed in versions 15.10.13, 16.4.4, and 16.8.0-rc-1.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share