
CVE-2025-48885: CWE-352: Cross-Site Request Forgery (CSRF) in xwikisas application-urlshortener

Medium
Tags: vulnerability, cve-2025-48885, cwe-352
Published: Fri May 30 2025 (05/30/2025, 18:41:59 UTC)
Source: CVE Database V5
Vendor/Project: xwikisas
Product: application-urlshortener

Description

application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 allow any user with view access, including guests, to create arbitrary pages: the shortener creates the target document even when it does not already exist. A guest can therefore degrade the structure of the wiki by creating thousands of pages with random names, which then become very difficult for administrators to clean up. Version 1.2.4 fixes the issue. No known workarounds are available.

AI-Powered Analysis

Last updated: 07/08/2025, 13:55:47 UTC

Technical Analysis

CVE-2025-48885 is classified as CWE-352 (Cross-Site Request Forgery) and affects application-urlshortener, the xwikisas extension that creates shortened URLs for XWiki pages, in versions prior to 1.2.4. The request that creates a short URL is a state-changing operation, yet the extension accepts it from any principal with view access, unauthenticated guests included, and creates the target document if it does not already exist. Nothing verifies the origin or intent of the request, so it can be forged on behalf of a legitimate user; more importantly, an attacker does not even need a victim's browser session, because a guest can send the requests directly and generate thousands of pages with random names, cluttering the wiki's structure until administrators can no longer manage it. This is why the CVSS v4.0 vector records no user interaction despite the CSRF classification. The issue is fixed in version 1.2.4 and no workaround is known, so patching is the only remedy. The CVSS v4.0 score is 5.7 (medium): network attack vector, low attack complexity, no privileges required, no user interaction, with the impact concentrated on integrity through unauthorized page creation. No exploitation in the wild is known at the time of writing.
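The following is an added illustration of the flaw class described above, not code from application-urlshortener or from xwikisas. It models a page-creating endpoint that accepts any request from any viewer (the pre-1.2.4 behaviour as the advisory describes it) beside a hardened version that requires an authenticated principal with edit rights, a session-bound CSRF token, a same-origin check, and an existing target page. The endpoint shape, the right names, the "guest" principal and the site origin are assumptions for illustration.

```python
"""Vulnerable vs hardened short-URL creation (added example; not the project's code).

Assumptions: a principal named 'guest' for anonymous users, rights named 'view'
and 'edit', and a deployment origin of https://wiki.example.org.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

SITE_ORIGIN = "https://wiki.example.org"   # assumed deployment URL


@dataclass
class Session:
    user: str = "guest"                         # anonymous by default (assumed name)
    rights: set = field(default_factory=lambda: {"view"})
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    target: str                                 # page the short URL should point at
    origin: Optional[str] = None                # Origin header, if the client sent one
    form_token: Optional[str] = None            # hidden form field, if any


class Wiki:
    def __init__(self):
        self.pages = set()


def create_short_url_vulnerable(wiki: Wiki, session: Session, req: Request) -> bool:
    """Pre-1.2.4 behaviour as the advisory describes it: view access is enough and
    the target document is created even if it did not exist. Nothing ties the
    request to a deliberate action of an authorised user, so a guest (or a
    cross-site form) can mass-create pages."""
    if "view" not in session.rights:
        return False
    wiki.pages.add(req.target)                  # creates arbitrary pages
    return True


def create_short_url_hardened(wiki: Wiki, session: Session, req: Request) -> bool:
    """Four independent checks; each alone would have stopped the mass creation."""
    # 1. Authorisation: an anonymous viewer may never trigger a state change.
    if session.user == "guest" or "edit" not in session.rights:
        return False
    # 2. CSRF token bound to the session, compared in constant time, POST only.
    if req.method != "POST" or req.form_token is None:
        return False
    if not hmac.compare_digest(req.form_token, session.csrf_token):
        return False
    # 3. Origin check: browsers attach Origin on cross-site POSTs; anything that
    #    is not our own scheme+host is rejected, and so is a missing header.
    if req.origin is None or urlsplit(req.origin)[:2] != urlsplit(SITE_ORIGIN)[:2]:
        return False
    # 4. A shortener should only point at pages that already exist; it never
    #    creates documents, so the wiki structure cannot be polluted through it.
    if req.target not in wiki.pages:
        return False
    return True
```

The last check is the one that removes the root cause; the token and origin checks are what the CWE-352 classification calls for, and the authorisation check is what stops guests regardless of how the request arrived.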

Potential Impact

For European organizations running XWiki with a vulnerable application-urlshortener version, the main consequence is operational disruption. Unauthorized creation of thousands of pages clutters the wiki's content structure, impedes knowledge management and collaboration workflows, raises administrative overhead, and can seed confusion or misinformation if misleading pages are introduced. Confidentiality and availability are largely unaffected, but the integrity of the wiki content is. Organizations that keep internal documentation, project records or compliance evidence in XWiki may face compliance questions if they cannot assure the integrity of that content. Because unauthenticated guests can trigger the behaviour, public-facing wikis are the most exposed to vandalism. No data exfiltration or system compromise is indicated, but the cleanup effort and the reputational damage from defaced or polluted content are real concerns.

Mitigation Recommendations

The primary mitigation is to upgrade application-urlshortener to version 1.2.4 or later, which fixes the issue. Since no workaround is available, patching is critical. Organizations should also take the following measures, which reduce exposure and speed up detection but do not replace the upgrade:

1) Enforce strict access controls on the wiki; where possible, limit view access (and therefore access to the shortener) to trusted users.

2) Deploy a Web Application Firewall with custom rules that detect and block bursts of POST requests to the shortener endpoint or requests for unusual, random-looking page names.

3) Monitor page-creation logs for anomalous spikes in creations from a single client, so abuse is detected and stopped quickly.

4) Make sure administrators apply updates promptly and know what unusual wiki behaviour looks like.

5) Where feasible, add CSRF protection at the application or proxy level for state-changing requests, for example by validating the Origin header and requiring a session-bound token.
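To show what the log monitoring in point 3 can look like, here is an added example that is not part of the original advisory or of the XWiki project. It parses constructed combined-format access-log lines, keeps only successful POSTs to an assumed shortener path, counts creations per client IP in a sliding window, and raises an alert when a client exceeds a threshold; a small heuristic also counts random-looking page names. The log format, the /bin/urlshortener/ path, the IP addresses and the page names are all constructed for the example.

```python
"""Detect mass page creation from access logs (added example, not XWiki code).

Assumed: creations appear as successful POSTs to a path containing
'/urlshortener/' whose last segment is the page name. The log lines below are
constructed; they are not XWiki's real log format.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^ \]]+)[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"
VOWELS = set("aeiouAEIOU")


def parse_creation(line):
    """Return (ip, timestamp, page) for a successful shortener POST, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST" or not m["status"].startswith("2"):
        return None
    if "/urlshortener/" not in m["path"]:
        return None
    page = m["path"].rsplit("/", 1)[1]
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), page


def looks_random(name):
    """Heuristic for generated names: 8+ chars, letters and digits mixed,
    and fewer than 20% vowels among the letters."""
    letters = [c for c in name if c.isalpha()]
    if len(name) < 8 or not letters or not any(c.isdigit() for c in name):
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def detect(lines, window_seconds=60, threshold=20):
    """Sliding window per client IP; one alert per IP, raised at first breach."""
    events = sorted((e for e in map(parse_creation, lines) if e), key=lambda e: e[1])
    recent = defaultdict(deque)
    random_names = defaultdict(int)
    alerts = {}
    window = timedelta(seconds=window_seconds)
    for ip, ts, page in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if looks_random(page):
            random_names[ip] += 1
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = {"ip": ip, "count": len(q), "first_seen": q[0],
                          "random_names": random_names[ip]}
    return list(alerts.values())


# ---- constructed sample log (not real traffic) ----------------------------
def _line(ip, user, ts, page, status=200, method="POST"):
    return (f'{ip} - {user} [{ts:%d/%b/%Y:%H:%M:%S} +0000] '
            f'"{method} /bin/urlshortener/{page} HTTP/1.1" {status} 512')


_NAMES = ["Zx9kq2Tp", "Qw7lmn3V", "Hj2bvc8K", "Rt5xzp9L", "Mn4kqw2Z",
          "Ps8vbn1T", "Lk3zxq7W", "Bv6mnp4R", "Xc2kjh9P", "Wq9zxt5M"]
_base = datetime(2025, 6, 1, 10, 0, 0)
SAMPLE_LOG = [_line("203.0.113.7", "-", _base + timedelta(seconds=2 * i), _NAMES[i % 10] + str(i))
              for i in range(25)]                       # 25 guest creations in 48 s
SAMPLE_LOG += [_line("198.51.100.4", "alice", _base + timedelta(minutes=i), page)
               for i, page in enumerate(["Main.ReleaseNotes", "Sandbox.TestPage", "Docs.Onboarding"])]
SAMPLE_LOG.append(_line("203.0.113.7", "-", _base, "Main.WebHome", status=403))   # denied, ignored
SAMPLE_LOG.append(_line("198.51.100.4", "alice", _base, "Main.WebHome", method="GET"))  # read, ignored

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"ALERT {alert['ip']}: {alert['count']} creations since {alert['first_seen']:%H:%M:%S}, "
              f"{alert['random_names']} random-looking names")
```

The threshold and window are deliberately conservative; tune them against a baseline of legitimate creations on your own wiki before blocking on the alert, and treat a high random-name count as the stronger signal when the creation rate is borderline.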


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-05-27T20:14:34.297Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6839ffe7182aa0cae2bc9d5b

Added to database: 5/30/2025, 6:58:47 PM

Last enriched: 7/8/2025, 1:55:47 PM

Last updated: 8/8/2025, 11:05:26 PM

