CNNVD-202507-3364 Information

CNNVD ID

CNNVD-202507-3364

CVE-2025-54385

  • CNNVD Published: 2025-07-26

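Description (translated from Chinese)

XWiki Platform is an open-source wiki platform from XWiki for creating collaborative web applications. XWiki Platform versions 17.0.0-rc1 through 17.2.2 and versions 16.10.5 and earlier contain an input validation error vulnerability. The vulnerability stems from unsanitized SQL queries and may lead to SQL injection attacks.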

Description (English)

XWiki Platform is XWiki's open-source wiki platform for creating collaborative web applications. XWiki Platform 17.0.0-rc1 through 17.2.2 and 16.10.5 and earlier versions have an input validation error vulnerability, which stems from a failure to sanitize SQL queries and could lead to an SQL injection attack.

Hazard Level

Medium

Vulnerability Type

Input validation error

Affected Vendor

XWiki

Published

2025-07-26

Last Modified

2026-02-24

References

  • https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.6
  • https://github.com/xwiki/xwiki-platform/commit/7c4087d44ac550610b2fa413dd4f5375409265a5
  • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9qm-p942-q3w5
  • https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_XMLGEN.html
  • https://jira.xwiki.org/browse/XWIKI-22728
  • https://github.com/xwiki/xwiki-platform/commit/7313dc9b533c70f14b7672379c8b3b63d1fd8f51
  • https://access.redhat.com/security/cve/cve-2025-54385

Patch

https://www.xwiki.org/xwiki/bin/view/Download/
