CVE-2025-49594 is an improper authorization vulnerability (CWE-285) in the xwiki-contrib oidc module, which handles OpenID Connect protocol integration within XWiki. The flaw exists in versions starting from 2.17.1 up to but not including 2.18.2. The vulnerability allows any user who has VIEW access to another user's profile to generate an authentication token for that user. Since many XWiki instances configure token authentication and user profiles are often viewable by other registered users, this effectively enables an attacker to authenticate as any user without needing their credentials. The root cause is insufficient authorization checks on token creation functionality, allowing privilege escalation through token misuse. The vulnerability has a CVSS 4.0 score of 9.2, reflecting critical severity due to network exploitability, no user interaction, and no privileges required. The vulnerability was publicly disclosed on October 6, 2025, and fixed in version 2.18.2. Until patching, disabling token authentication is advised as a workaround. No known exploits are reported in the wild yet, but the ease of exploitation and impact on confidentiality, integrity, and availability make this a high-risk vulnerability. Organizations relying on XWiki OIDC for authentication should prioritize remediation to prevent unauthorized access and potential data breaches.

This vulnerability allows attackers to impersonate any user on a vulnerable XWiki instance by generating authentication tokens without proper authorization. For European organizations, this can lead to unauthorized access to sensitive information, internal documentation, and collaboration platforms, potentially exposing confidential business data or personal information protected under GDPR. The compromise of privileged accounts could enable further lateral movement, data exfiltration, or disruption of services. Public sector entities, research institutions, and enterprises using XWiki for knowledge management or intranet portals are particularly at risk. The impact extends to loss of trust, regulatory penalties, and operational disruption. Since token authentication is often integrated into single sign-on (SSO) workflows, the vulnerability could undermine broader identity and access management controls. The critical severity and ease of exploitation heighten the urgency for European organizations to address this flaw promptly.

1. Immediately upgrade the xwiki-contrib oidc component to version 2.18.2 or later, which contains the patch fixing the improper authorization issue. 2. If immediate patching is not feasible, disable token authentication in the XWiki configuration to prevent token-based logins. 3. Review and restrict VIEW access permissions on user profiles to the minimum necessary, reducing the attack surface. 4. Conduct an audit of recent authentication tokens issued and user activity logs to detect any suspicious access or token creation events. 5. Implement monitoring and alerting for unusual authentication patterns or token usage. 6. Educate administrators and users about the vulnerability and the importance of applying security updates promptly. 7. Consider additional hardening of identity and access management policies, including multi-factor authentication (MFA) where possible. 8. Regularly review and update security configurations related to OIDC and token handling to ensure compliance with best practices.