CVE-2024-43401 · CRITICAL · CVSS 9.1

CVE-2024-43401: RCE in XWiki Platform

Platform: Java

Component: xwiki-platform

Fixed in: 15.10-rc-1 (upgrade to 15.10.1 or later)

AI Confidence: high · Source: NVD · EPSS 1.5% · Reviewed: May 2026

CVE-2024-43401 is a critical Remote Code Execution (RCE) vulnerability in XWiki Platform. A user who can edit wiki content plants a script payload in a page; when a user holding script or programming rights opens that page in the WYSIWYG editor, the editor renders the content and the payload runs with the editing user's rights, giving the attacker code execution on the server. Versions before 15.10-rc-1 are affected; the fix shipped in 15.10-rc-1, so 15.10.1 and later releases include it.

Impact and Attack Scenarios

The risk comes from the privilege gap: an account that can only edit pages ends up executing code with the rights of a user who holds script or programming rights. The attacker stores the payload in ordinary page content and waits for, or invites, an administrator to edit that page. When the administrator opens it in the WYSIWYG editor the payload executes, and with programming rights that means arbitrary code on the XWiki server, not just inside the wiki. From there the attacker can read the database and configuration, modify any content or code, pivot to connected systems, and disrupt the service. The editor gives no warning that the content about to be rendered contains executable macros authored by someone else, so the victim has no cue to be cautious.

Exploitation Context

CVE-2024-43401 was publicly disclosed on August 19, 2024. No public proof-of-concept (PoC) code had been released at the time of writing, and the CVE is not listed in the CISA KEV catalog. The CVSS score measures severity, not likelihood: EPSS puts the 30-day exploitation probability at about 1.5% (81st percentile), and CISA's SSVC rates it not automatable because a privileged user has to open the planted page in the WYSIWYG editor. Treat it as urgent anyway where untrusted or self-registered users hold edit rights, since that is all the attacker needs and the victim action is a routine edit.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

1.46% (81st percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

CVSS 3.1 base vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H (listed score 9.1, CRITICAL)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

What do these metrics mean?
Attack Vector
Network. The attacker needs only network access to the wiki; no local or physical access.
Attack Complexity
Low. No race, special configuration or guesswork is needed; the payload is ordinary page content saved through the normal edit flow.
Privileges Required
Low. Any account that can edit a page suffices; the attacker does not need script or programming rights.
User Interaction
Required. A user holding script or programming rights must open the planted page in the WYSIWYG editor.
Scope
Changed. The payload executes with the victim's rights rather than the attacker's, reaching resources the attacker's own account could never touch.
Confidentiality
High. Server-side code execution exposes wiki content, configuration and stored credentials.
Integrity
High. The attacker can modify or delete any wiki data, configuration or code.
Availability
High. The attacker can crash the instance or exhaust its resources.

Affected Software

Component: xwiki-platform
Vendor: xwiki
Affected range: < 15.10-rc-1
Fixed in: 15.10-rc-1 (upgrade target 15.10.1 or later)
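A small version-range check for the affected range listed above, added here as an example (not XWiki code, not from the original page). It assumes XWiki's Maven-style version strings and the ordering XWiki uses for them (15.9.4 < 15.10-milestone-1 < 15.10-rc-1 < 15.10 < 15.10.1 < 16.0.0), accepts the release-notes spelling "15.10RC1" as an alias, and assumes that the REST root resource of a running instance reports its version in a `version` attribute; the REST sample embedded below is constructed, not captured.

```python
# Version-range check for CVE-2024-43401, added as an example; not XWiki code
# and not from the original page. Assumes XWiki's Maven-style version strings
# and the ordering XWiki uses for them:
#   15.9.4 < 15.10-milestone-1 < 15.10-rc-1 < 15.10 < 15.10.1 < 16.0.0
# ("15.10RC1", the spelling used in release notes, is accepted as an alias).
import re

FIXED_IN = "15.10-rc-1"   # first version carrying the fix, per the advisory data above

# Pre-release qualifiers XWiki uses, in ascending order; a final release outranks both.
QUALIFIER_RANK = {"milestone": 0, "rc": 1}
FINAL_RANK = 2

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-?(milestone|rc)-?(\d+))?")


def parse_version(text):
    """Return a tuple that sorts in XWiki release order."""
    m = _VERSION_RE.fullmatch(text.strip().lower())
    if not m:
        raise ValueError("unrecognised XWiki version: %r" % text)
    numbers = tuple(int(x) for x in m.group(1).split("."))
    numbers += (0,) * (3 - len(numbers))           # 15.10 == 15.10.0
    if m.group(2):
        return numbers, QUALIFIER_RANK[m.group(2)], int(m.group(3))
    return numbers, FINAL_RANK, 0


def is_affected(version):
    """True when the version predates the fix (i.e. is older than 15.10-rc-1)."""
    return parse_version(version) < parse_version(FIXED_IN)


def version_from_rest_root(xml_text):
    """Extract the version attribute from the XWiki REST root document
    (GET /xwiki/rest/ on a running instance). Assumption: the root element
    carries version="..." as in the constructed sample below."""
    m = re.search(r'<xwiki\b[^>]*\bversion="([^"]+)"', xml_text)
    if not m:
        raise ValueError("no version attribute in REST root document")
    return m.group(1)


# Constructed sample of a REST root response, not captured from a real instance.
SAMPLE_REST_ROOT = '<?xml version="1.0"?><xwiki xmlns="http://www.xwiki.org" version="15.9.4"/>'

if __name__ == "__main__":
    for v in ("14.10.21", "15.9.4", "15.10-milestone-2", "15.10-rc-1",
              "15.10RC1", "15.10.1", "16.2.0"):
        print("%-18s %s" % (v, "AFFECTED" if is_affected(v) else "fixed"))
    found = version_from_rest_root(SAMPLE_REST_ROOT)
    print("sample instance: %s -> %s" % (found, "AFFECTED" if is_affected(found) else "fixed"))
```

The ordering tuple is (numeric parts, qualifier rank, qualifier number), so a release candidate sorts before the final release with the same numbers and after every older final release, which is the comparison a naive string or float compare of "15.10-rc-1" against "15.9.4" gets wrong.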


Mitigation and Workarounds

The primary mitigation is to upgrade XWiki Platform to 15.10-rc-1 or later (in practice 15.10.1 or a newer stable release). Until the upgrade lands, reduce both sides of the attack. Restrict edit rights so that untrusted or self-registered accounts cannot modify pages that administrators and other users with script or programming rights are likely to edit, and have those privileged users avoid opening pages last modified by someone else in the WYSIWYG editor (the wiki source editor shows the markup without rendering it). Review existing content for script macros such as {{velocity}}, {{groovy}} or {{python}} whose content author is not a trusted account, and remove or vet them before a privileged user touches the page. Input validation inside the editor is not something an operator can bolt on; the fix belongs in the platform. After upgrading, verify it with a harmless marker rather than a real payload: have a low-privilege test account save a page containing a script macro that only emits a sentinel string, then open that page in the WYSIWYG editor as a user with programming rights and confirm the sentinel is not produced, which shows the macro did not run with the editor's rights.
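The content review suggested above, as an added example (not XWiki code and not from the original page). It walks page sources in the form XWiki exports them, a XAR archive holding one `<xwikidoc>` XML document per page, and flags script macros whose content author is not on a trusted list. The element names used (`web`, `name`, `contentAuthor`, `content`) are an assumption about that export format, the sample pages are constructed, and the macro-to-right mapping reflects XWiki's defaults as the editor understands them (velocity needs script right; groovy, python and the generic script macro need programming right).

```python
# Content review helper for the mitigation above, added as an example; not
# XWiki code and not from the original page. Walks XAR page documents
# (one <xwikidoc> per page; element names web/name/contentAuthor/content are an
# assumption about that format) and flags script macros whose content author
# is not trusted. Rights mapping: velocity needs script right, groovy/python/
# script need programming right (XWiki defaults, as understood by the editor).
import re
import xml.etree.ElementTree as ET

MACRO_RIGHT = {"velocity": "script", "groovy": "programming",
               "python": "programming", "script": "programming"}
MACRO_RE = re.compile(r"\{\{(velocity|groovy|python|script)\b", re.IGNORECASE)
VERBATIM_RE = re.compile(r"\{\{\{.*?\}\}\}", re.DOTALL)   # {{{ ... }}} is never rendered


def find_script_macros(content):
    """Names of script macros opened in XWiki syntax content, ignoring verbatim blocks."""
    stripped = VERBATIM_RE.sub("", content)
    return sorted({m.group(1).lower() for m in MACRO_RE.finditer(stripped)})


def scan_pages(page_docs, trusted_authors):
    """page_docs: iterable of <xwikidoc> XML strings. Returns one finding per page
    that contains script macros and whose content author is not trusted."""
    findings = []
    for doc in page_docs:
        root = ET.fromstring(doc)
        page = "%s.%s" % (root.findtext("web"), root.findtext("name"))
        author = root.findtext("contentAuthor") or ""
        macros = find_script_macros(root.findtext("content") or "")
        if macros and author not in trusted_authors:
            needed = ("programming" if any(MACRO_RIGHT[m] == "programming" for m in macros)
                      else "script")
            findings.append({"page": page, "contentAuthor": author,
                             "macros": macros, "right_needed": needed})
    return findings


# Constructed sample pages, not taken from any real wiki.
SAMPLE_PAGES = [
    """<xwikidoc version="1.5"><web>Main</web><name>WebHome</name>
<contentAuthor>xwiki:XWiki.Admin</contentAuthor>
<content>Welcome. {{velocity}}$xwiki.getVersion(){{/velocity}}</content></xwikidoc>""",
    """<xwikidoc version="1.5"><web>Sandbox</web><name>Notes</name>
<contentAuthor>xwiki:XWiki.NewUser</contentAuthor>
<content>Meeting notes.
{{groovy}}println "placeholder"{{/groovy}}
{{{ {{python}} this is verbatim and is not executed {{/python}} }}}</content></xwikidoc>""",
    """<xwikidoc version="1.5"><web>Sandbox</web><name>Plain</name>
<contentAuthor>xwiki:XWiki.NewUser</contentAuthor>
<content>No macros here, only **bold** text.</content></xwikidoc>""",
]
TRUSTED = {"xwiki:XWiki.Admin"}

if __name__ == "__main__":
    for f in scan_pages(SAMPLE_PAGES, TRUSTED):
        print("%s  author=%s  macros=%s  needs=%s right"
              % (f["page"], f["contentAuthor"], ",".join(f["macros"]), f["right_needed"]))
```

The check keys on `contentAuthor` rather than `author` because XWiki's script-right decisions are made against the content author, so a page whose content was last saved by an untrusted account is the one that matters; a page whose groovy macro was saved by an administrator is flagged only when that administrator is left off the trusted list.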

How to fix

Update XWiki Platform to 15.10RC1 (15.10-rc-1) or later; 15.10.1 and newer stable releases carry the fix. With the fix in place, content planted by a user who lacks script or programming rights is no longer executed with the rights of the more privileged user who opens the page in the WYSIWYG editor.


Frequently asked questions

What is CVE-2024-43401 — RCE in XWiki Platform?

CVE-2024-43401 is a critical Remote Code Execution vulnerability in XWiki Platform versions before 15.10-rc-1. A user with edit rights plants a script payload in a page, and the payload executes with the rights of a privileged user who later opens that page in the WYSIWYG editor.

Am I affected by CVE-2024-43401 in XWiki Platform?

You are affected if you are running XWiki Platform versions prior to 15.10-rc-1. Immediately assess your environment and upgrade to the patched version.

How do I fix CVE-2024-43401 in XWiki Platform?

The recommended fix is to upgrade XWiki Platform to version 15.10-rc-1 or later (15.10.1 or newer in practice). If an immediate upgrade is not possible, restrict edit rights for untrusted users and have users with script or programming rights avoid opening pages authored by others in the WYSIWYG editor until the upgrade is done.

Is CVE-2024-43401 being actively exploited?

No active exploitation had been confirmed and no public proof of concept was known at the time of writing; the CVE is not on the CISA KEV list and its EPSS score is about 1.5%. The attack is simple to stage once an attacker holds edit rights, so instances that allow untrusted users to edit content should not wait for a PoC before upgrading.

Where can I find the official XWiki advisory for CVE-2024-43401?

Refer to the official XWiki security advisory for detailed information and updates: https://www.xwiki.com/en/security/advisories/XW-SA-2024-002/
