CVE-2025-54385
BaseFortify
Publication date: 2025-07-26
Last updated on: 2025-09-03
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki | Up to 16.10.6 (excluding) |
| xwiki | xwiki | From 17.0.0 (including) to 17.2.2 (including) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54385 is a high-severity SQL injection vulnerability in the XWiki platform's `XWiki#searchDocuments` API. The API passes the caller-supplied part of the query to Hibernate without sufficient validation, so an attacker can inject arbitrary SQL. Although the API enforces a fixed SELECT clause, Hibernate Query Language (HQL) supports calling native database functions from other parts of the query, such as the WHERE clause, and that is enough to run arbitrary SQL. An attacker with high privileges can therefore remotely execute any SQL query, including Oracle-specific functions such as DBMS_XMLGEN or DBMS_XMLQUERY, compromising the confidentiality, integrity, and availability of the system. The issue is fixed in versions 16.10.6 and 17.3.0-rc-1. [1]
How can this vulnerability impact me?
This vulnerability allows an attacker with high privileges to remotely execute arbitrary SQL commands on the affected XWiki platform without user interaction. Exploiting this flaw can lead to full compromise of the system's confidentiality, integrity, and availability. Specifically, attackers can disclose sensitive data, modify or delete data, and disrupt services by executing malicious SQL queries, including those using Oracle-specific functions like DBMS_XMLGEN or DBMS_XMLQUERY. There are no known workarounds other than upgrading to patched versions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized or suspicious use of the XWiki#searchDocuments API, especially attempts to call native database functions such as DBMS_XMLGEN or DBMS_XMLQUERY through HQL. Since the vulnerability involves execution of arbitrary SQL via the searchDocuments API, detection could involve logging the caller-supplied query fragments and analyzing them for unusual or malformed HQL. However, no specific detection commands or tools are provided in the available resources. [1, 3, 4]
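As an added illustration of the two answers above (this is not BaseFortify's or XWiki's code), the check below reviews logged searchDocuments fragments: because the SELECT clause is fixed by the API, the caller-supplied WHERE fragment is where native-function calls have to be looked for. The log format, the allowlist of ordinary HQL functions and the sample log lines are constructed assumptions.

```python
import re

# Constructed allowlist of ordinary HQL functions a wiki search is expected to
# use (an assumption for this illustration, not XWiki's own validation list).
ALLOWED_FUNCTIONS = {"lower", "upper", "trim", "length", "concat", "substring",
                     "count", "max", "min", "year", "month", "day", "coalesce", "cast", "str"}
# HQL keywords that may precede '(' but are not function calls.
KEYWORDS = {"in", "exists", "not", "and", "or", "any", "all", "some", "where", "select",
            "from", "like", "case", "when", "then", "else", "having", "function"}
FLAGGED_NATIVE = {"dbms_xmlgen", "dbms_xmlquery"}  # Oracle packages named in the advisory
NATIVE_CALL = re.compile(r"\bfunction\s*\(\s*'([^']*)'", re.IGNORECASE)  # function('name', ...)
ANY_CALL = re.compile(r"\b([a-z_][\w.]*)\s*\(", re.IGNORECASE)
STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")

def _severity(name):
    return "high" if name.split(".")[0] in FLAGGED_NATIVE else "medium"

def review_where_fragment(fragment):
    """Return (severity, reason) findings for one caller-supplied WHERE fragment.
    The API's fixed SELECT clause offers no protection here, so every call-like
    token in the fragment is examined; an empty list means only allowlisted calls."""
    findings = []
    # 1. Hibernate's explicit native-function syntax: function('name', args)
    for m in NATIVE_CALL.finditer(fragment):
        name = m.group(1).lower()
        findings.append((_severity(name), f"native function call '{name}'"))
    # 2. Any other call outside string literals that is not allowlisted
    #    (some dialects pass unknown function names straight to the database).
    for m in ANY_CALL.finditer(STRING_LITERAL.sub("''", fragment)):
        name = m.group(1).lower()
        if name not in KEYWORDS and name not in ALLOWED_FUNCTIONS:
            findings.append((_severity(name), f"non-allowlisted call '{name}'"))
    return findings

# Constructed sample log lines (not from a real XWiki instance); assumed format:
# "<timestamp> user=<name> searchDocuments fragment=<hql fragment>".
SAMPLE_LOG = """\
2025-07-26T10:00:01Z user=alice searchDocuments fragment=where doc.space = 'Main' and lower(doc.name) like 'proj%'
2025-07-26T10:00:02Z user=bob searchDocuments fragment=where doc.parent = :p and doc.name in (:names)
2025-07-26T10:00:03Z user=mallory searchDocuments fragment=where function('dbms_xmlgen.getxml', :q) is not null
2025-07-26T10:00:04Z user=carol searchDocuments fragment=where some_native_fn(doc.title) = 1
"""

def scan_log(text):
    """Return [(user, severity, reason)] for every suspicious logged fragment."""
    hits = []
    for line in text.splitlines():
        m = re.search(r"user=(\S+) .*fragment=(.*)$", line)
        for sev, why in review_where_fragment(m.group(2)) if m else []:
            hits.append((m.group(1), sev, why))
    return hits
```

Findings rated "medium" are worth a look rather than an alert: a dialect-specific but harmless function will also land there, while "high" marks the packages the advisory names.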
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade the XWiki platform to patched versions 16.10.6 or 17.3.0-rc-1 or later, where the vulnerability is fixed by enforcing strict validation of HQL search queries. This validation restricts execution of unsafe queries to users with programming rights only, preventing unauthorized SQL injection. There are no known workarounds other than upgrading. Ensuring that only trusted users have high privileges and monitoring for suspicious query activity can also help reduce risk until the upgrade is applied. [1, 3, 4]