Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
XWikiplatform Relative Path Traversal Vulnerability - CVE-2025-55748 - Vulnerability Database
XWikiplatform

XWikiplatform Relative Path Traversal Vulnerability - CVE-2025-55748

High
Reference: CVE-2025-55748
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-55748
Title: XWikiplatform Relative Path Traversal Vulnerability
Overview:

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6 configuration files are accessible through jsx and sx endpoints. It39s possible to access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHomeresource../../WEB-INF/xwiki.cfgampminifyfalse. This is fixed in version 16.10.7.