CVE-2025-29925 Information

Description

XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages".

Reference

https://github.com/xwiki/xwiki-platform/commit/1fb12d2780f37b34a1b4dfdf8457d97ce5cbb2df
https://github.com/xwiki/xwiki-platform/commit/bca72f5ce971a31dba2a016d8dd8badda4475206
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-22q5-9phm-744v
https://jira.xwiki.org/browse/XWIKI-22630
https://jira.xwiki.org/browse/XWIKI-22639
