CVE-2025-32973: CWE-862: Missing Authorization in xwiki xwiki-platform
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, when a user with programming rights edits a document in XWiki that was last edited by a user without programming rights and contains an XWiki.ComponentClass, there is no warning that this will grant programming rights to this object. An attacker who created such a malicious object could use this to gain programming rights on the wiki. For this, the attacker needs to have edit rights on at least one page to place this object and then get an admin user to edit that document. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1.
AI Analysis
Technical Summary
CVE-2025-32973 is a critical authorization vulnerability affecting multiple versions of the XWiki platform, a widely used generic wiki software. The flaw exists in versions from 15.9-rc-1 up to but not including 15.10.12, from 16.0.0-rc-1 up to but not including 16.4.3, and from 16.5.0-rc-1 up to but not including 16.8.0-rc-1.

The vulnerability arises when a user with programming rights edits a document that was last modified by a user without programming rights but contains an XWiki.ComponentClass object. In this scenario, the system fails to warn the user with programming rights that saving this document will grant programming rights to the embedded object. An attacker with edit rights on at least one page can insert a malicious XWiki.ComponentClass object into a document. When an administrator or a user with programming rights subsequently edits this document, the malicious object gains programming rights, effectively escalating the attacker's privileges within the wiki environment. This can lead to full control over the wiki platform, including the ability to execute arbitrary code or modify critical configurations. Exploitation requires that the attacker have at least edit rights on one page and that a user with programming rights interacts with the malicious document, so some user interaction is needed but no administrator account has to be compromised first.

The issue has been addressed and patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1. The CVSS v3.1 base score is 9.1, reflecting its critical severity with network attack vector, low attack complexity, requiring low privileges but some user interaction, and impacting confidentiality, integrity, and availability with scope change.
Potential Impact
For European organizations using affected versions of XWiki, this vulnerability poses a significant risk. XWiki is often deployed in enterprise environments for collaborative documentation, knowledge management, and internal wikis. Exploitation could allow attackers to escalate privileges from a low-level editor to a user with programming rights, effectively gaining administrative control over the wiki platform. This can lead to unauthorized data disclosure, modification of sensitive documentation, insertion of malicious code, or disruption of wiki services. Given that wikis often contain critical internal knowledge and documentation, the compromise could facilitate further lateral movement within the organization’s network or leak of intellectual property. The requirement for an attacker to have edit rights and for a programming rights user to edit the malicious document means that insider threats or compromised low-privilege accounts could be leveraged. The vulnerability’s critical severity and network exploitability make it a high-risk threat for organizations relying on XWiki for internal collaboration, especially in sectors with stringent data protection requirements such as finance, healthcare, and government agencies across Europe.
Mitigation Recommendations
1. Immediate upgrade: Organizations should promptly upgrade XWiki to patched versions 15.10.12, 16.4.3, or later versions beyond 16.8.0-rc-1 where the vulnerability is fixed.
2. Access control review: Restrict edit rights to trusted users only, minimizing the number of users who can edit pages to reduce the attack surface.
3. Programming rights audit: Regularly audit users with programming rights and monitor changes to documents containing XWiki.ComponentClass objects.
4. User training and awareness: Educate users with programming rights about the risk of editing documents last modified by users without programming rights, especially those containing component classes.
5. Implement monitoring and alerting: Deploy monitoring to detect unusual editing patterns or privilege escalations within the wiki platform.
6. Segmentation: Isolate the wiki platform within the network to limit potential lateral movement if compromised.
7. Incident response readiness: Prepare to respond to potential exploitation by having backups of wiki data and a plan to revoke compromised credentials and restore integrity.
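The condition described in the technical summary (a document whose last author lacks programming rights but which carries an XWiki.ComponentClass object, opened for editing by a user who has them) is simple enough to model as a pre-edit check and as an audit over existing pages, which is what recommendations 3 and 5 call for. The following Python is an added example written for this page; it is not XWiki's own code or its fix, and it does not use the XWiki Java or REST API. It assumes a hypothetical flat document record (`ref`, `last_author`, `objects`) such as an administrator might extract from the wiki, and a set of users known to hold programming rights. The sample documents and user names are constructed for the example.

```python
"""Model of the CVE-2025-32973 warning condition as an audit and a pre-edit check.

Added example, not XWiki code. The document record shape below is an assumption
(hypothetical), not the XWiki REST or Java API:
    {"ref": "Space.Page", "last_author": "XWiki.user", "objects": ["XWiki.ComponentClass", ...]}
"""
from dataclasses import dataclass

# Object classes that execute with the rights of the user who saves the document.
# The page names XWiki.ComponentClass; the set is kept open so an admin can extend it.
PRIVILEGED_CLASSES = frozenset({"XWiki.ComponentClass"})


@dataclass(frozen=True)
class Finding:
    """One document that a programming-rights user should not save without review."""
    ref: str
    last_author: str
    object_classes: tuple


def needs_programming_rights_warning(doc, programming_users):
    """True when saving `doc` as a programming-rights user would elevate an object
    that was placed by a user without programming rights (the unwarned case)."""
    if doc["last_author"] in programming_users:
        # Last save was already made with programming rights; nothing new is granted.
        return False
    return any(cls in PRIVILEGED_CLASSES for cls in doc["objects"])


def audit_documents(docs, programming_users):
    """Return a Finding for every document matching the warning condition, sorted by ref.
    Intended as a periodic audit over an exported page list (recommendation 3)."""
    findings = []
    for doc in docs:
        if needs_programming_rights_warning(doc, programming_users):
            privileged = tuple(c for c in doc["objects"] if c in PRIVILEGED_CLASSES)
            findings.append(Finding(doc["ref"], doc["last_author"], privileged))
    return sorted(findings, key=lambda f: f.ref)


def edit_decision(doc, editor, programming_users):
    """Decision a pre-save hook would take when `editor` opens `doc`.

    Returns "warn" when the editor holds programming rights and the document
    matches the condition (the warning the affected versions did not show), and
    "ok" otherwise. An editor without programming rights cannot elevate the object
    by saving, so no warning is needed in that case.
    """
    if editor in programming_users and needs_programming_rights_warning(doc, programming_users):
        return "warn"
    return "ok"


# Constructed sample data for a stand-alone run (not real wiki content).
SAMPLE_PROGRAMMING_USERS = frozenset({"XWiki.Admin"})
SAMPLE_DOCS = [
    # Component placed by the admin: expected, last save already had programming rights.
    {"ref": "Main.WebHome", "last_author": "XWiki.Admin", "objects": ["XWiki.ComponentClass"]},
    # Component placed by a plain editor: the case this CVE is about.
    {"ref": "Sandbox.Notes", "last_author": "XWiki.editor1", "objects": ["XWiki.ComponentClass"]},
    # Plain editor, but only a harmless object class.
    {"ref": "Sandbox.Todo", "last_author": "XWiki.editor1", "objects": ["XWiki.TagClass"]},
    # No objects at all.
    {"ref": "Docs.Guide", "last_author": "XWiki.editor2", "objects": []},
]

if __name__ == "__main__":
    for finding in audit_documents(SAMPLE_DOCS, SAMPLE_PROGRAMMING_USERS):
        print(f"REVIEW {finding.ref}: last saved by {finding.last_author}, "
              f"privileged objects {finding.object_classes}")
    print("Admin opening Sandbox.Notes:",
          edit_decision(SAMPLE_DOCS[1], "XWiki.Admin", SAMPLE_PROGRAMMING_USERS))
```

Run stand-alone, the audit reports only Sandbox.Notes, and the pre-edit decision for an administrator opening it is "warn". The check keys on the last author rather than on who created the object because that is the condition the advisory states; a deployment that records per-object authorship could tighten it further.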
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-04-14T21:47:11.455Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d983bc4522896dcbedf52
Added to database: 5/21/2025, 9:09:15 AM
Last enriched: 6/25/2025, 7:31:55 AM
Last updated: 8/16/2025, 1:19:24 AM