CRITICAL · CVE-2025-32969 · CVSS 9.8

org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API


Platform

java

Component

org.xwiki.platform:xwiki-platform-rest-server

Fixed versions

1.8.1

16.0.1

16.5.1

15.10.16

AI Confidence: high · NVD · EPSS 26.9% · Reviewed: May 2026

CVE-2025-32969 represents a critical SQL Injection vulnerability discovered in the XWiki Platform REST Server. This flaw allows unauthenticated, remote attackers to bypass security measures and directly manipulate the database backend. The vulnerability impacts versions of XWiki Platform REST Server before 15.10.16 and can be resolved by upgrading to the patched version.


Impact and Attack Scenarios

The impact of CVE-2025-32969 is severe. An attacker can leverage this SQL Injection vulnerability to execute arbitrary SQL statements against the database without authentication. This includes scenarios where the "Prevent unregistered users from viewing pages" and "Prevent unregistered users from editing pages" options are enabled, effectively bypassing intended access controls. Successful exploitation could lead to the exfiltration of sensitive data, such as password hashes, and even allow for unauthorized modification or deletion of data within the database. The potential for data breaches and system compromise is significant, particularly in environments where XWiki Platform is used to manage critical information.

Exploitation Context

CVE-2025-32969 was publicly disclosed on April 23, 2025. The vulnerability's ease of exploitation, combined with the potential for significant data compromise, suggests a medium to high probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature makes it likely that such code will emerge. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns.

Who Is at Risk

Organizations using XWiki Platform REST Server for content management, collaboration, or knowledge sharing are at risk. This includes deployments where the platform handles sensitive data, such as user credentials or financial information. Shared hosting environments where multiple users share the same XWiki instance are particularly vulnerable, as a compromise of one user's account could lead to broader system access.

Detection Steps

• java / server: Monitor XWiki Platform REST Server logs for unusual SQL queries or error messages indicative of injection attempts. Use a WAF to filter potentially malicious SQL statements.

grep -i 'error: syntax' /var/log/xwiki/xwiki.log

• database (mysql, postgresql): Monitor database audit logs for unexpected SQL commands originating from the XWiki Platform REST Server.

-- MySQL example (requires general_log=ON and log_output=TABLE)
-- mysql.general_log has no "user" column; the account appears in user_host
-- in the form "user[user] @ host [ip]", so match on that instead.
SELECT event_time, user_host, argument
FROM mysql.general_log
WHERE command_type = 'Query'
  AND user_host LIKE 'xwiki_user[%';

• generic web: Monitor access logs for requests to XWiki REST API endpoints that might be vulnerable to SQL injection.

grep -i 'xwiki-platform-rest-server' /var/log/apache2/access.log

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit status

Proof of concept: Unknown
CISA KEV: No
Internet exposure: (not stated)

EPSS

26.88% (96th percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical impact: total

CVSS Vector

Threat Intelligence · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8, CRITICAL)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit the vulnerability)
Privileges Required: None (authentication level required for the attack)
User Interaction: None (whether the victim must take any action)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
nextguardhq.com · CVSS v3.1 base score

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the Internet with no physical or local access required. The largest possible attack surface.
Attack Complexity
Low: no special conditions are needed; the vulnerability can be exploited reliably.
Privileges Required
None: no authentication is needed; the flaw can be exploited without any credentials.
User Interaction
None: the attack is automatic and silent; the victim does not need to do anything.
Scope
Unchanged: the impact is confined to the vulnerable component itself.
Confidentiality
High: total loss of confidentiality; the attacker can read all data.
Integrity
High: the attacker can write, modify or delete any data.
Availability
High: complete crash or resource exhaustion, a full denial of service.

Affected Software

Component: org.xwiki.platform:xwiki-platform-rest-server
Vendor: osv

Affected range                Fixed version
>= 1.8, < 15.10.16            1.8.1
>= 16.0.0-rc-1, < 16.4.6      16.0.1
>= 16.5.0-rc-1, < 16.10.1     16.5.1
1.8                           15.10.16

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigations and Workarounds

The primary mitigation for CVE-2025-32969 is to upgrade XWiki Platform REST Server to version 15.10.16 or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds. While direct SQL Injection prevention is difficult without patching, strict input validation and parameterized queries (if possible within the XWiki environment) can reduce the attack surface. Review and restrict database user permissions to limit the potential damage from a successful injection. After upgrading, verify the fix by attempting to access restricted database resources through the REST API while unauthenticated; successful access indicates the vulnerability persists.

Remediation

Upgrade XWiki to version 16.10.1, 16.4.6 or 15.10.16, or to a later version. This fixes the SQL injection vulnerability in the query endpoint of the REST API. No workaround is available other than upgrading.


Frequently Asked Questions

What is CVE-2025-32969 — SQL Injection in XWiki Platform REST Server?

CVE-2025-32969 is a critical SQL Injection vulnerability in XWiki Platform REST Server allowing unauthenticated attackers to execute arbitrary SQL queries, potentially compromising the database.

Am I affected by CVE-2025-32969 in XWiki Platform REST Server?

You are affected if you are using XWiki Platform REST Server versions prior to 15.10.16. Upgrade immediately to mitigate the risk.

How do I fix CVE-2025-32969 in XWiki Platform REST Server?

Upgrade XWiki Platform REST Server to version 15.10.16 or later. If immediate upgrade is not possible, implement temporary workarounds like input validation and restricted database permissions.

Is CVE-2025-32969 being actively exploited?

While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. Monitor security advisories and threat intelligence.

Where can I find the official XWiki advisory for CVE-2025-32969?

Refer to the official XWiki security advisory for detailed information and mitigation steps: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)
