CVE-2025-58049
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-09-02

Assigner: GitHub, Inc.

Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions from 14.4.2 to before 16.4.8, 16.5.0-rc-1 to before 16.10.7, and 17.0.0-rc-1 to before 17.4.0-rc-1, the PDF export jobs store sensitive cookies unencrypted in job statuses. XWiki shouldn't store passwords in plain text, and it shouldn't be possible to gain access to plain text passwords by gaining access to, e.g., a backup of the data directory. This vulnerability has been patched in XWiki 16.4.8, 16.10.7, and 17.4.0-rc-1.
Meta Information
Generated: 2026-05-27
AI Q&A: 2025-08-28
EPSS Evaluated: 2026-05-25
External references: NVD, EUVD
Affected Vendors & Products (3 associated CPEs)
Vendor   Product   Version / Range
xwiki    xwiki     14.4.2 (inclusive) to 16.4.8 (exclusive)
xwiki    xwiki     16.5.0 (inclusive) to 16.10.7 (exclusive)
xwiki    xwiki     17.0.0 (inclusive) to 17.3.0 (inclusive)

The CPE ranges are expressed in release versions; the advisory itself counts the release candidates 16.5.0-rc-1 and 17.0.0-rc-1 as affected and names 17.4.0-rc-1 as the first fixed 17.x build, so 17.3.0 is simply the last 17.x release listed as affected.
CWE ID and Description
CWE-257: The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.
CWE-212: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
AI Powered Q&A
Can you explain this vulnerability to me?

The PDF export job in XWiki keeps the cookies of the request that started it, including cookies that carry an encrypted username and password, and writes them unencrypted into the job status once the export completes. Job statuses are persisted in the data directory, and the key that protects those cookies lives in the same directory, so anyone who obtains the directory or a backup of it can decrypt the cookies and recover credentials in plaintext. This exposes both session material and passwords, contrary to the expectation that passwords are never recoverable from stored data, and can lead to unauthorized access. [1]


How can this vulnerability impact me?

If exploited, this vulnerability can lead to unauthorized access to user accounts by exposing plaintext passwords and sensitive session cookies. An attacker who gains access to the data directory or its backups can retrieve these credentials, potentially leading to password reuse attacks or unauthorized actions within the XWiki platform. This compromises confidentiality but does not affect data integrity or availability. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability negatively impacts compliance with standards and regulations such as GDPR and HIPAA because it involves improper storage of sensitive personal data (passwords and session cookies) in a recoverable, unencrypted form. This exposure of sensitive information violates data protection principles requiring secure handling and storage of personal data, potentially leading to breaches of confidentiality and regulatory non-compliance. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Check two things: the installed version and the stored job statuses.

Version: the affected ranges are 14.4.2 up to but not including 16.4.8, 16.5.0-rc-1 up to but not including 16.10.7, and 17.0.0-rc-1 up to but not including 17.4.0-rc-1. An instance in any of those ranges is affected regardless of whether a PDF export has run yet.

Stored statuses: PDF export job statuses are serialized into the data directory, and on a vulnerable instance they contain the originating request's "request.cookies", "request.session" and "request.headers" entries in plain text. Searching the job status files for those keys shows which statuses already hold sensitive data, for example `grep -rl 'request.cookies' /path/to/xwiki/data/jobs/` or `grep -rl 'request.session' /path/to/xwiki/data/jobs/`. The `-l` flag lists only the matching files, so the cookie values themselves are not echoed into your terminal or shell history.

A hit confirms that credentials have already been written to disk; running the same search against backups of the data directory shows whether copies of them have left the host. [1]
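As an added example (not from this page or the XWiki project), the following POSIX shell script automates both checks: it scans an XWiki permanent data directory for job status files that still carry the request.cookies, request.session or request.headers keys, and tests a version string against the three affected ranges named in the advisory. The jobs/ layout, the status.xml file name and the XML fragments in the fixture are constructed assumptions for the demo, not XWiki's real serialization format; the scan only depends on the key names appearing in plain text.

```shell
#!/bin/sh
# Added example for CVE-2025-58049: find job statuses that still hold request data
# and check a version against the affected ranges. Not XWiki project code.

xwiki_version_key() {
  # Map "major.minor.patch[-suffix]" to one integer so ranges compare with -ge/-lt.
  # Pre-release suffixes such as "-rc-1" are dropped; every boundary in the advisory
  # (14.4.2, 16.4.8, 16.5.0-rc-1, 16.10.7, 17.0.0-rc-1, 17.4.0-rc-1) still lands on
  # the correct side after stripping, so the approximation is safe for this check.
  v=${1%%-*}
  oldifs=$IFS
  IFS=.
  set -- $v
  IFS=$oldifs
  echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

xwiki_in_range() {
  # $1 = version key, $2 = inclusive lower bound, $3 = exclusive upper bound
  [ "$1" -ge "$(xwiki_version_key "$2")" ] && [ "$1" -lt "$(xwiki_version_key "$3")" ]
}

xwiki_version_affected() {
  # Exit 0 when the version falls inside one of the three ranges from the advisory.
  k=$(xwiki_version_key "$1")
  xwiki_in_range "$k" 14.4.2 16.4.8 \
    || xwiki_in_range "$k" 16.5.0-rc-1 16.10.7 \
    || xwiki_in_range "$k" 17.0.0-rc-1 17.4.0-rc-1
}

xwiki_scan_job_statuses() {
  # $1 = XWiki permanent data directory. Lists every plain-text file under jobs/ that
  # still carries request cookies, session or headers. -l keeps the cookie values
  # out of the terminal. Compressed status files would need unpacking first.
  dir="$1/jobs"
  [ -d "$dir" ] || { echo "no job status directory at $dir" >&2; return 2; }
  grep -rlE 'request\.(cookies|session|headers)' "$dir" 2>/dev/null || true
}

xwiki_demo() {
  # Constructed fixture (not real XWiki output): one status that still holds request
  # cookies and headers, one that does not. Only the key names matter to the scan.
  tmp=$(mktemp -d)
  mkdir -p "$tmp/jobs/status/export/pdf/1" "$tmp/jobs/status/export/pdf/2"
  cat > "$tmp/jobs/status/export/pdf/1/status.xml" <<'EOF'
<status>
  <request>
    <entry><string>request.cookies</string><string>JSESSIONID=constructed; othercookie=constructed</string></entry>
    <entry><string>request.headers</string><string>Cookie: constructed</string></entry>
  </request>
</status>
EOF
  cat > "$tmp/jobs/status/export/pdf/2/status.xml" <<'EOF'
<status>
  <request>
    <entry><string>job.type</string><string>export/pdf</string></entry>
  </request>
</status>
EOF
  hits=$(xwiki_scan_job_statuses "$tmp")
  printf 'status files still holding request data:\n%s\n' "$hits"
  if [ "$hits" = "$tmp/jobs/status/export/pdf/1/status.xml" ]; then ok=0; else ok=1; fi
  rm -rf "$tmp"
  return $ok
}

# On a real install: xwiki_scan_job_statuses /path/to/xwiki/data
#                    xwiki_version_affected 16.4.7 && echo affected
xwiki_demo
for v in 16.4.7 16.4.8 17.3.0 17.4.0-rc-1; do
  if xwiki_version_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
```

Run it against the permanent data directory and against any extracted backup of it; a non-empty list from the scan on an instance that the version check flags as affected means credentials are already on disk, while the same list on an upgraded instance points at leftover statuses that still need cleaning up.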


What immediate steps should I take to mitigate this vulnerability?

Upgrade to a patched version: 16.4.8, 16.10.7, or 17.4.0-rc-1 (or any later release in the respective branch). The fix removes cookies, session and headers from the PDF export job context once the job completes, so they are no longer written into the stored job status. No workaround other than upgrading is known. Until the upgrade is done, restrict access to the data directory and to its backups. Note that the fix only stops new statuses from carrying this data; status files already written by a vulnerable version, and backups that contain them, still hold the cookies and should be reviewed or deleted. [1, 2]

