
CVE-2025-32973: CWE-862: Missing Authorization in xwiki xwiki-platform

Critical
Type: Vulnerability. Tags: CVE-2025-32973, cve, cwe-862
Published: Wed Apr 30 2025 (04/30/2025, 14:55:04 UTC)
Source: CVE
Vendor/Project: xwiki
Product: xwiki-platform

Description

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.

AI-Powered Analysis

AI analysis last updated: 06/25/2025, 07:31:55 UTC

Technical Analysis

CVE-2025-32973 is a critical authorization vulnerability affecting multiple versions of the XWiki platform, a widely used generic wiki software. The flaw exists in versions from 15.9-rc-1 up to but not including 15.10.12, from 16.0.0-rc-1 up to but not including 16.4.3, and from 16.5.0-rc-1 up to but not including 16.8.0-rc-1. The vulnerability arises when a user with programming rights edits a document that was last modified by a user without programming rights but contains an XWiki.ComponentClass object. In this scenario, the system fails to warn the programming rights user that editing this document will grant programming rights to the embedded object. An attacker with edit rights on at least one page can insert a malicious XWiki.ComponentClass object into a document. When an administrator or a user with programming rights subsequently edits this document, the malicious object gains programming rights, effectively escalating the attacker’s privileges within the wiki environment. This can lead to full control over the wiki platform, including the ability to execute arbitrary code or modify critical configurations. The vulnerability requires that the attacker have at least edit rights on one page and that a user with programming rights interacts with the malicious document, implying a need for some user interaction but no direct admin compromise initially. The issue has been addressed and patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1. The CVSS v3.1 base score is 9.1, reflecting its critical severity with network attack vector, low attack complexity, requiring low privileges but some user interaction, and impacting confidentiality, integrity, and availability with scope change.

Potential Impact

For European organizations using affected versions of XWiki, this vulnerability poses a significant risk. XWiki is often deployed in enterprise environments for collaborative documentation, knowledge management, and internal wikis. Exploitation could allow attackers to escalate privileges from a low-level editor to a user with programming rights, effectively gaining administrative control over the wiki platform. This can lead to unauthorized data disclosure, modification of sensitive documentation, insertion of malicious code, or disruption of wiki services. Given that wikis often contain critical internal knowledge and documentation, the compromise could facilitate further lateral movement within the organization’s network or leak of intellectual property. The requirement for an attacker to have edit rights and for a programming rights user to edit the malicious document means that insider threats or compromised low-privilege accounts could be leveraged. The vulnerability’s critical severity and network exploitability make it a high-risk threat for organizations relying on XWiki for internal collaboration, especially in sectors with stringent data protection requirements such as finance, healthcare, and government agencies across Europe.

Mitigation Recommendations

1. Immediate upgrade: Organizations should promptly upgrade XWiki to a patched version: 15.10.12, 16.4.3, or 16.8.0-rc-1 and later.
2. Access control review: Restrict edit rights to trusted users only, minimizing the number of users who can edit pages to reduce the attack surface.
3. Programming rights audit: Regularly audit users with programming rights and monitor changes to documents containing XWiki.ComponentClass objects, in particular documents whose last author does not hold programming rights.
4. User training and awareness: Educate users with programming rights about the risk of editing documents last modified by users without programming rights, especially those containing component classes.
5. Implement monitoring and alerting: Deploy monitoring to detect unusual editing patterns or privilege escalations within the wiki platform.
6. Segmentation: Isolate the wiki platform within the network to limit potential lateral movement if compromised.
7. Incident response readiness: Prepare to respond to potential exploitation by having backups of wiki data and a plan to revoke compromised credentials and restore integrity.
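As an added illustration of recommendation 3 (not code from the XWiki project or from this advisory), the following Python script audits document exports for the precondition of this CVE: an XWiki.ComponentClass object in a document whose content author is not a known programming-rights user. The element names follow my understanding of XWiki's document XML (XAR) layout and the list of programming-rights users is an assumed input; both are assumptions, and the sample documents are constructed.

```python
"""Flag XWiki documents that hold an XWiki.ComponentClass object but whose
content author is not a known programming-rights user (the setup behind
CVE-2025-32973).  Added example, not XWiki project code."""
import xml.etree.ElementTree as ET

# Assumption: the set of users holding programming rights is maintained
# out-of-band (e.g. exported from the wiki's rights configuration).
PROGRAMMING_USERS = {"XWiki.Admin"}

# Constructed samples modelled on XWiki's document XML export; the element
# names (xwikidoc, contentAuthor, object, className) are assumptions.
SAMPLE_DOCS = {
    "Sandbox.Notes": """<xwikidoc>
  <web>Sandbox</web><name>Notes</name>
  <author>XWiki.Editor</author>
  <contentAuthor>XWiki.Editor</contentAuthor>
  <object><className>XWiki.ComponentClass</className><number>0</number></object>
</xwikidoc>""",
    "Main.WebHome": """<xwikidoc>
  <web>Main</web><name>WebHome</name>
  <author>XWiki.Admin</author>
  <contentAuthor>XWiki.Admin</contentAuthor>
  <object><className>XWiki.ComponentClass</className><number>0</number></object>
</xwikidoc>""",
    "Sandbox.Plain": """<xwikidoc>
  <web>Sandbox</web><name>Plain</name>
  <author>XWiki.Editor</author>
  <contentAuthor>XWiki.Editor</contentAuthor>
</xwikidoc>""",
}


def risky_component_docs(docs, programming_users):
    """Return (doc_ref, content_author, object_count) for each document that
    contains at least one XWiki.ComponentClass object and whose content
    author is not in programming_users.  These are the documents a
    programming-rights user should review before editing."""
    findings = []
    for ref, xml_text in docs.items():
        root = ET.fromstring(xml_text)
        # contentAuthor is the last editor of the content; fall back to author.
        author = (root.findtext("contentAuthor") or root.findtext("author") or "").strip()
        objs = [o for o in root.findall("object")
                if (o.findtext("className") or "").strip() == "XWiki.ComponentClass"]
        if objs and author not in programming_users:
            findings.append((ref, author, len(objs)))
    return findings


if __name__ == "__main__":
    for ref, author, n in risky_component_docs(SAMPLE_DOCS, PROGRAMMING_USERS):
        print(f"REVIEW BEFORE EDITING: {ref}: {n} ComponentClass object(s), "
              f"content author {author} lacks programming rights")
```

Run against real exports, only Sandbox.Notes-style documents (component object present, last author outside the programming-rights set) are reported; documents last edited by a programming-rights user or without component objects are not.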


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-04-14T21:47:11.455Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983bc4522896dcbedf52

Added to database: 5/21/2025, 9:09:15 AM

Last enriched: 6/25/2025, 7:31:55 AM

Last updated: 7/30/2025, 6:19:00 AM
