CVE-2025-32974 is a critical security vulnerability affecting the XWiki platform, a widely used generic wiki software. The flaw exists in versions from 15.9-rc-1 up to but not including 15.10.8, and from 16.0.0-rc-1 up to but not including 16.2.0. The vulnerability arises due to improper encoding or escaping of output (CWE-116) combined with insufficient rights analysis (CWE-269) related to TextArea properties with default content types. Specifically, when a user edits a page containing script macros, XWiki warns if the script would gain elevated rights. However, this rights analysis fails to consider certain properties, allowing an attacker with limited privileges to inject malicious scripts into these properties. These scripts execute when a user with higher privileges (script, admin, or programming rights) edits the page, effectively escalating the attacker's privileges. The impact includes potential full compromise of the XWiki installation, affecting confidentiality, integrity, and availability. The vulnerability has a CVSS v3.1 score of 9.1 (critical), reflecting its network exploitability, low attack complexity, requirement for privileges but only limited user interaction, and the potential for complete system compromise. No known exploits are currently reported in the wild. The issue was patched in versions 15.10.8 and 16.2.0, and users are strongly advised to upgrade to these or later versions to mitigate the risk.

For European organizations using affected versions of XWiki, this vulnerability poses a significant risk. XWiki is often deployed in enterprise environments for collaborative documentation, knowledge management, and internal wikis, including in sectors such as government, finance, healthcare, and manufacturing. Exploitation could allow attackers to execute arbitrary scripts with elevated privileges, leading to unauthorized access to sensitive information, data manipulation, and potential disruption of services. This could result in data breaches, loss of intellectual property, operational downtime, and reputational damage. Given the critical severity and the ability to escalate privileges through trusted users, organizations face risks of insider threat amplification and supply chain compromise if XWiki is integrated into broader IT ecosystems. The vulnerability's exploitation could also facilitate lateral movement within networks, increasing the attack surface and complicating incident response.

1. Immediate upgrade of all XWiki installations to version 15.10.8 or 16.2.0 or later, where the vulnerability is patched. 2. Implement strict access controls and minimize the number of users with script, admin, or programming rights to reduce the risk of privilege escalation. 3. Conduct a thorough audit of existing wiki pages for suspicious or unexpected script macros, especially in TextArea properties, and remove or sanitize them. 4. Enable and monitor detailed logging of page edits and script executions within XWiki to detect anomalous activities indicative of exploitation attempts. 5. Employ web application firewalls (WAFs) with custom rules to detect and block malicious script injections targeting XWiki. 6. Educate users with elevated privileges about the risks of editing pages containing scripts and encourage verification of content before saving changes. 7. Regularly review and update security policies related to wiki platform usage and integrate vulnerability scanning into routine security assessments. 8. If immediate upgrade is not feasible, consider temporarily disabling script macro execution or restricting editing capabilities to trusted administrators until patches can be applied.