cve-2025-32969
Vulnerability from cvelistv5
Published
2025-04-23 15:33
Modified
2025-04-23 16:15
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API
References
security-advisories@github.comhttps://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113
security-advisories@github.comhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf
security-advisories@github.comhttps://jira.xwiki.org/browse/XWIKI-22691
Impacted products
xwikixwiki-platform
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-32969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:15:32.946572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:15:40.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.8, \u003c 15.10.16"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.5.0-rc-1, \u003c 16.10.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when \"Prevent unregistered users from viewing pages, regardless of the page rights\" and \"Prevent unregistered users from editing pages, regardless of the page rights\" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T15:33:03.732Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-22691",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-22691"
        }
      ],
      "source": {
        "advisory": "GHSA-f69v-xrj8-rhxf",
        "discovery": "UNKNOWN"
      },
      "title": "org.xwiki.platform:xwiki-platform-rest-server allows SQL injection in query endpoint of REST API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-32969",
    "datePublished": "2025-04-23T15:33:03.732Z",
    "dateReserved": "2025-04-14T21:47:11.454Z",
    "dateUpdated": "2025-04-23T16:15:40.344Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-32969\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-04-23T16:15:47.797\",\"lastModified\":\"2025-04-29T13:52:47.470\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when \\\"Prevent unregistered users from viewing pages, regardless of the page rights\\\" and \\\"Prevent unregistered users from editing pages, regardless of the page rights\\\" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki.\"},{\"lang\":\"es\",\"value\":\"XWiki es una plataforma wiki gen\u00e9rica. En versiones a partir de la 1.8 y anteriores a las 15.10.16, 16.4.6 y 16.10.1, un usuario remoto no autenticado puede escapar del contexto de ejecuci\u00f3n HQL y realizar una inyecci\u00f3n SQL ciega para ejecutar sentencias SQL arbitrarias en el backend de la base de datos, incluso cuando las opciones \\\"Impedir que usuarios no registrados vean p\u00e1ginas, independientemente de sus derechos\\\" e \\\"Impedir que usuarios no registrados editen p\u00e1ginas, independientemente de sus derechos\\\" est\u00e1n habilitadas. Dependiendo del backend de la base de datos utilizado, el atacante podr\u00eda obtener informaci\u00f3n confidencial, como hashes de contrase\u00f1as, y ejecutar consultas UPDATE/INSERT/DELETE. Este problema se ha corregido en las versiones 16.10.1, 16.4.6 y 15.10.16. No se conoce ning\u00fan workaround, salvo actualizar XWiki.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-22691\",\"source\":\"security-advisories@github.com\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.