XWikiplatform Incorrect Authorization Vulnerability - CVE-2025-49586 - Vulnerability Database

XWikiplatform Incorrect Authorization Vulnerability - CVE-2025-49586

High

Reference: CVE-2025-49586

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-49586

Title: XWikiplatform Incorrect Authorization Vulnerability

Overview:

XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0 16.4.7 and 16.10.3.