CVE-2025-32974

CVSS 3.1 Score 9 of 10 (high)

Details

Published Apr 30, 2025
Updated: May 13, 2025
CWE ID 116
CWE ID 269

Summary

CVE-2025-32974 is a vulnerability affecting XWiki, a widely used generic wiki platform. In versions 15.9-rc-1 to 15.10.7 and 16.0.0-rc-1 to 16.2.0, the platform fails to perform adequate rights analysis for TextAreas with default content types. Malicious scripts can be inserted into certain properties and go unnoticed during editing. Users with script, admin, or programming rights can execute these scripts, leading to potential impacts on the confidentiality, integrity, and availability of the entire XWiki installation. This vulnerability has been addressed in versions 15.10.8 and 16.2.0.
