CVE-2025-65089
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-11-19
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xwiki | xwiki | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in XWiki Remote Macros allows a user who lacks view rights on a page to read the content of an office attachment on that page through the view file macro, because the macro does not check the user's authorization before rendering the attachment. It affects versions prior to 1.27.0 and has been fixed in version 1.27.0.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information contained in office attachments, as users without proper permissions may view confidential content. This can compromise data confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability may lead to unauthorized access to sensitive data, potentially causing non-compliance with data protection regulations such as GDPR and HIPAA, which require strict control over access to personal and confidential information.
What immediate steps should I take to mitigate this vulnerability?
Upgrade XWiki Remote Macros to version 1.27.0 or later, as this version contains the patch that fixes the vulnerability allowing unauthorized users to view office attachment content.