CVE-2025-32970

nvd nist nuclei

Published: Apr 30, 2025Modified: May 13, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0.

Affected (4)

Products: Xwiki: Xwiki

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Xwiki Xwiki	From 13.5 to 15.10.13
Xwiki Xwiki	From 16.0.0 to 16.4.4
Xwiki Xwiki	From 16.5.0 to 16.8.0
Xwiki Xwiki	Version 16.8.0 rc1

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

References (4)

https://github.com/xwiki/xwiki-platform/commit/6dab7909f45deb00efd36a0cd47788e95ad64802

Source: security-advisories@github.com

Patch

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96

Source: security-advisories@github.com

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-22487

Source: security-advisories@github.com

ExploitIssue TrackingVendor Advisory

https://jira.xwiki.org/browse/XWIKI-22487

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.