Platform: java
Component: org.xwiki.platform:xwiki-platform-security-requiredrights-default
Fixed in: 15.9.1, 16.0.1, 15.10.8
CVE-2025-32974 is a critical Cross-Site Scripting (XSS) vulnerability in XWiki Platform's required-rights analysis (component org.xwiki.platform:xwiki-platform-security-requiredrights-default). That analysis is what warns a user holding script, admin, or programming rights before they edit a page that contains script macros. Because it did not consider TextArea properties with the default content type, an attacker who can add or edit objects on a page could place a script macro in such a property, and the script is executed when a privileged user edits the page. Affected versions are XWiki Platform before 15.10.8 and 16.x releases before 16.2.0; the fix ships in 15.10.8 and 16.2.0.
The impact is severe. An attacker can use the flaw to run arbitrary JavaScript in the browser session of the privileged user who edits the page, which enables session hijacking, credential theft, defacement of the instance, and redirection to attacker-controlled sites. Because the payload lives in a page property rather than in the page body, it persists until someone finds and removes it, and the XWiki warning that normally flags script macros is not shown, so the editing user gets no cue that anything is wrong. Since the script runs in the context of a user with script, admin, or programming rights, successful exploitation can compromise the whole XWiki installation and any systems it is connected to.
CVE-2025-32974 was publicly disclosed on April 29, 2025. Its EPSS score of 1.38% (80th percentile) indicates a medium probability of exploitation. Public proof-of-concept code is not yet widely available, but the advisory describes the issue in enough detail that it is straightforward to reproduce. Monitor security advisories and threat intelligence feeds for indications of active exploitation against XWiki instances.
Exploit Status
EPSS: 1.38% (80th percentile)
The primary mitigation for CVE-2025-32974 is to upgrade XWiki Platform to 15.10.8 on the 15.x line or 16.2.0 on the 16.x line, or later. If you cannot upgrade immediately, reduce exposure in the meantime. Review page objects for TextArea properties that contain script macros such as {{velocity}}, {{groovy}}, {{python}}, {{script}} or {{html}}, since those are exactly the values the vulnerable analysis ignores; pulling object properties over the REST API and scanning them is practical even on a large wiki. Grant script, admin, and programming rights only to accounts that need them: the injected script runs with the rights of whoever edits the page, so fewer privileged editors means fewer viable targets. A Web Application Firewall rule that blocks macro syntax in edit and save requests catches crude payloads, but it also blocks legitimate script authors and is easy to evade, so treat it as a detection signal rather than a fix. Review page history and the event stream for object changes made by untrusted users on pages that privileged users later edit. After upgrading, verify the fix: as an unprivileged user, add a TextArea property containing a harmless canary macro (for example {{velocity}}canary{{/velocity}}) to a test page, then open that page for editing as a user with programming rights and confirm that XWiki now shows the required-rights warning and the macro is not executed.
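The property review above is tedious to do by hand, so here is an added example scanner (not XWiki project code) that walks the JSON the XWiki REST API returns for a page's objects and reports every TextArea property containing a script-capable macro. The field names it reads ("pageId", "className", "number", "properties", "type", "value", "attributes") and the REST URL layout in fetch_object are assumptions based on the XWiki REST representation and should be checked against your own instance; the macro list is also an assumption you should extend for any script macro extensions you have installed. The sample objects at the bottom are constructed for the example.

```python
"""Scan XWiki objects for script-capable macros in TextArea properties.

Added example for this page, not XWiki project code. Input is the JSON the
XWiki REST API returns for one object, i.e.
GET /rest/wikis/{wiki}/spaces/{space}/pages/{page}/objects/{class}/{number}
with media=json. Field names are assumed from that representation.
"""
import base64
import json
import re
import urllib.request

# Macros whose body runs as a script or is emitted as raw HTML. Assumed
# list: extend it for any script macro extensions installed on your wiki.
SCRIPT_MACROS = ("velocity", "groovy", "python", "ruby", "php", "script", "html")

# Opening macro tag in XWiki Syntax 2.x, e.g. {{velocity}} or
# {{html clean="false"}}. Closing tags such as {{/velocity}} do not match.
MACRO_RE = re.compile(
    r"\{\{\s*(" + "|".join(SCRIPT_MACROS) + r")\b[^}]*\}\}", re.IGNORECASE
)


def find_script_macros(text):
    """Return the lower-cased names of script-capable macros in text, in order."""
    return [m.group(1).lower() for m in MACRO_RE.finditer(str(text or ""))]


def content_type(prop):
    """Return the TextArea 'contenttype' attribute, or 'default' when unset."""
    for attr in prop.get("attributes", []):
        if attr.get("name") == "contenttype":
            return attr.get("value") or "default"
    return "default"


def scan_objects(objects, textarea_only=True):
    """Report every property whose value contains a script-capable macro.

    With textarea_only=True (the advisory's scope) only TextArea properties
    are inspected; pass False to look at every property value.
    """
    findings = []
    for obj in objects:
        for prop in obj.get("properties", []):
            ptype = prop.get("type", "")
            if textarea_only and not ptype.endswith("TextAreaClass"):
                continue
            macros = find_script_macros(prop.get("value"))
            if macros:
                findings.append({
                    "page": obj.get("pageId"),
                    "object": f'{obj.get("className")}[{obj.get("number")}]',
                    "property": prop.get("name"),
                    "type": ptype.rsplit(".", 1)[-1],
                    "contenttype": content_type(prop),
                    "macros": macros,
                })
    return findings


def fetch_object(base_url, wiki, space, page, class_name, number, user, password):
    """Fetch one object as JSON over the REST API with HTTP basic auth.

    Not called by the demo below; the URL layout is assumed from the XWiki
    REST API documentation (adjust the space segment for nested spaces).
    """
    url = (f"{base_url}/rest/wikis/{wiki}/spaces/{space}/pages/{page}"
           f"/objects/{class_name}/{number}?media=json")
    req = urllib.request.Request(url)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


# Constructed sample: two objects in the shape the REST API returns.
SAMPLE_OBJECTS = [
    {
        "pageId": "xwiki:Sandbox.Untrusted",
        "className": "Sandbox.DemoClass",
        "number": 0,
        "properties": [
            {"name": "title", "type": "com.xpn.xwiki.objects.classes.StringClass",
             "value": "{{velocity}}$doc{{/velocity}}", "attributes": []},
            {"name": "body", "type": "com.xpn.xwiki.objects.classes.TextAreaClass",
             "value": "Intro text\n\n{{groovy}}\nprintln 'constructed sample'\n{{/groovy}}\n",
             "attributes": [{"name": "contenttype", "value": "FullyRenderedText"}]},
            {"name": "notes", "type": "com.xpn.xwiki.objects.classes.TextAreaClass",
             "value": "Plain **wiki** text with a {{info}}harmless{{/info}} macro",
             "attributes": [{"name": "contenttype", "value": "FullyRenderedText"}]},
        ],
    },
    {
        "pageId": "xwiki:Sandbox.Other",
        "className": "XWiki.XWikiComments",
        "number": 1,
        "properties": [
            {"name": "comment", "type": "com.xpn.xwiki.objects.classes.TextAreaClass",
             "value": '{{HTML clean="false"}}<b>x</b>{{/HTML}} and {{velocity}}$x{{/velocity}}',
             "attributes": []},
        ],
    },
]

if __name__ == "__main__":
    for finding in scan_objects(SAMPLE_OBJECTS):
        print(json.dumps(finding))
```

Run it against real data by replacing SAMPLE_OBJECTS with the results of fetch_object for each object listed under a page's objects resource. Matching on the TextArea type rather than on the contenttype attribute is deliberate: the vulnerable analysis skipped properties with the default content type, which is exactly the case where the attribute may be absent, so the finding records the content type instead of filtering on it.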
Update XWiki to version 15.10.8 or later on the 15.x line, or to version 16.2.0 or later on the 16.x line. The fix makes the required rights analysis consider TextArea properties with the default content type, so script macros placed in such properties are reported to a privileged user before editing instead of being executed without warning.
CVE-2025-32974 is a critical Cross-Site Scripting (XSS) vulnerability in XWiki Platform before 15.10.8 and in 16.x before 16.2.0: script macros hidden in TextArea properties run when a user with script, admin, or programming rights edits the page, without the usual required-rights warning.
If you are running XWiki Platform below 15.10.8, or a 16.x release below 16.2.0, you are affected. Assess your environment immediately.
Upgrade XWiki Platform to 15.10.8 or 16.2.0 (or later) to patch this vulnerability. Until then, review TextArea properties for script macros and keep script, admin, and programming rights to the minimum set of users.
No confirmed exploitation is public at the time of writing, but the vulnerability is easy to reproduce, so active campaigns are plausible. Monitor security advisories.
Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)