CVE-2025-49586
BaseFortify

Publication date: 2025-06-13

Last updated on: 2025-09-03

Assigner: GitHub, Inc.

Description
XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users in XWiki) can obtain programming right and perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-06-13
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Showing 5 associated CPEs

Vendor | Product | Version / Range
xwiki  | xwiki   | From 7.3 (inc) to 16.4.7 (exc)
xwiki  | xwiki   | From 16.5.0 (inc) to 16.10.3 (exc)
xwiki  | xwiki   | 7.2
xwiki  | xwiki   | 17.0.0
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A

Can you explain this vulnerability to me?

CVE-2025-49586 is a high-severity remote code execution vulnerability in the XWiki platform. It allows any user with edit rights on at least one App Within Minutes application (which by default includes all users) to escalate to programming rights and execute arbitrary code remotely by editing the application. An attacker can therefore gain full control of the system with no user interaction beyond holding edit permissions. [1]

How can this vulnerability impact me?

This vulnerability allows unauthorized users to execute arbitrary code remotely on your XWiki platform, leading to a full compromise of the system's confidentiality, integrity, and availability. Attackers can modify content, execute malicious code, and potentially take over the entire system, causing significant security breaches and operational disruptions. [1]

What immediate steps should I take to mitigate this vulnerability?

As an immediate mitigation, restrict edit rights on all existing App Within Minutes applications to trusted users, which reduces the exposure. To fully address the vulnerability, upgrade XWiki to one of the fixed versions: 16.4.7, 16.10.3, or 17.0.0. [1]