Platform
java
Component
org.xwiki.platform:xwiki-platform-security-requiredrights-default
Fixed in
15.9.1
16.0.1
15.10.8
CVE-2025-32974 is a critical Cross-Site Scripting (XSS) vulnerability affecting XWiki Platform. This flaw allows attackers to inject malicious scripts into page properties, which are then executed when a user with elevated privileges (script, admin, or programming rights) edits the page. The vulnerability impacts XWiki Platform versions prior to 15.10.8 and poses a significant risk to the confidentiality, integrity, and availability of XWiki installations. A fix is available in version 15.10.8.
The impact of CVE-2025-32974 is severe. An attacker can leverage this vulnerability to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to a wide range of malicious activities, including session hijacking, credential theft, defacement of the XWiki instance, and redirection to malicious websites. The ability to inject scripts into properties that are executed upon editing allows for persistent and stealthy attacks, as the malicious code remains embedded within the page until it is removed. The vulnerability bypasses existing XWiki warnings related to script macros, making it easier for attackers to exploit. Successful exploitation could compromise the entire XWiki installation and potentially affect connected systems.
CVE-2025-32974 was publicly disclosed on April 29, 2025. The vulnerability's ease of exploitation and potential impact suggest a medium probability of exploitation (EPSS score pending). Public proof-of-concept code is not yet widely available, but the vulnerability's description makes it relatively straightforward to reproduce. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting XWiki instances.
Organizations heavily reliant on XWiki Platform for content management and collaboration are at significant risk. Specifically, deployments with a large number of users with elevated privileges (script, admin, or programming rights) are particularly vulnerable. Environments where users frequently edit pages containing properties are also at increased risk.
• linux / server:
journalctl -u xwiki -f | grep -i "script injection"
• generic web:
curl -I <xwiki_url>/xwiki/bin/view/Main/MainPage | grep -i "Content-Security-Policy"
• database (mysql):
SELECT property_name, property_value FROM xwiki_property WHERE property_value LIKE '%<script%'
Disclosure
Exploit status
EPSS
1.38% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-32974 is to upgrade XWiki Platform to version 15.10.8 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds. Carefully review all page properties for suspicious content, particularly those related to text areas or properties that might accept script-like input. Restrict user permissions to the minimum necessary level; avoid granting script, admin, or programming rights to users who do not require them. Implement a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting XWiki. Monitor XWiki logs for unusual activity or attempts to inject malicious scripts. After upgrading, confirm the fix by attempting to create a page with a malicious script in a TextArea property and verifying that the script is not executed when a user with appropriate permissions edits the page.
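The review of page properties recommended above can be scripted. The following is an added example written for this page, not code from XWiki or from the advisory: it assumes you have already exported property rows as (page reference, property name, value) tuples, for instance from the database query listed above, and it flags values that contain script tags, inline event handlers, javascript: URIs or XWiki script macros. The sample rows are constructed, and the pattern set is an assumption you should tune to your wiki; matching is done on the HTML-unescaped value so entity-encoded content is also reported.

```python
"""Scan exported XWiki property values for script-like content.

Added example, not part of the advisory or of XWiki. Input rows are
(page, property_name, value) tuples; the rows at the bottom are constructed
sample data for demonstration only.
"""
import re
from html import unescape

# Patterns that warrant manual review of a text-area property.
# These are assumptions for this example, not an exhaustive XSS detector.
SUSPICIOUS_PATTERNS = {
    "script-tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "event-handler": re.compile(
        r"\bon(?:load|error|click|mouseover|focus|blur|submit|input)\s*=",
        re.IGNORECASE,
    ),
    "javascript-uri": re.compile(r"javascript\s*:", re.IGNORECASE),
    # XWiki script macros that run server-side code when the page is rendered.
    "script-macro": re.compile(r"\{\{\s*(velocity|groovy|python)\b", re.IGNORECASE),
}


def find_suspicious(rows):
    """Return findings as (page, property_name, pattern_name, excerpt) tuples.

    Values are HTML-unescaped first so that entity-encoded markup such as
    &lt;script&gt; is inspected in its decoded form.
    """
    findings = []
    for page, prop, value in rows:
        text = unescape(value or "")
        for name, pattern in SUSPICIOUS_PATTERNS.items():
            match = pattern.search(text)
            if match:
                start = max(0, match.start() - 20)
                excerpt = text[start:match.end() + 40].replace("\n", " ")
                findings.append((page, prop, name, excerpt))
    return findings


# Constructed sample rows: (page reference, property name, property value).
SAMPLE_ROWS = [
    ("Main.WebHome", "content", "Welcome to the wiki. Nothing special here."),
    ("Sandbox.Test", "description", "Plain text with the word onion = tasty."),
    ("Sandbox.Test", "notes",
     'Hello <script src="http://example.invalid/x.js"></script> world'),
    ("Docs.Guide", "summary", "Click &lt;img src=x onerror=handler()&gt; here"),
    ("Dev.Snippets", "example", "{{velocity}}$xwiki.getDocument('x'){{/velocity}}"),
]


def scan_sample():
    """Run the scanner over the constructed rows and return the findings."""
    return find_suspicious(SAMPLE_ROWS)


if __name__ == "__main__":
    for page, prop, kind, excerpt in scan_sample():
        print(f"{page} / {prop}: {kind}: {excerpt}")
```

Running the block reports three of the five sample rows (the script tag, the entity-encoded event handler and the velocity macro); the row containing "onion =" is not reported because the event-handler pattern only matches known handler names. Findings are review candidates, not confirmed exploitation: a script macro in a developer snippet page may be legitimate, which is why the excerpt is included for a human to judge.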
Update XWiki to version 15.10.8 or later, or to version 16.2.0 or later. This fixes the vulnerability that allowed malicious scripts to be executed when editing pages with certain properties. The update ensures that the required-rights analysis correctly takes into account TextAreas with the default content type.
CVE-2025-32974 is a critical Cross-Site Scripting (XSS) vulnerability in XWiki Platform versions before 15.10.8, allowing malicious script execution when privileged users edit pages.
If you are running XWiki Platform versions prior to 15.10.8, you are vulnerable to this XSS attack. Assess your environment immediately.
Upgrade XWiki Platform to version 15.10.8 or later to patch this vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
While no confirmed exploitation is currently public, the vulnerability's ease of exploitation suggests a potential for active campaigns. Monitor security advisories.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)