CVE-2025-32968

HIGH · EPSS 35.8%
Published Apr 23, 2025 (1y ago) · Modified Jun 17, 2026 (2w ago)
CVSS 4.0: 8.6 (High)

Description

XWiki is a generic wiki platform. In versions from 1.6-milestone-1 up to, but not including, 15.10.16, 16.4.6, and 16.10.1, a user with SCRIPT right can escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the database backend in use, the attacker may be able not only to obtain confidential information such as password hashes from the database, but also to execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, note that it is a very strict protection and some valid but complex queries might suddenly require the author to have programming right.

CVSS Details

Base Score
8.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
35.8% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-89 SQL Injection (category: Injection)

Affected Products 3

Vendor   Product   Version   Range
xwiki    xwiki     *         ≥ 1.6, < 15.10.16
xwiki    xwiki     *         ≥ 16.0.0, < 16.4.6
xwiki    xwiki     *         ≥ 16.5.0, ≤ 16.10.1

References 2

  • github.com https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9jj-75mx-wjcx
    Vendor Advisory
  • jira.xwiki.org https://jira.xwiki.org/browse/XWIKI-22718
    Exploit, Issue Tracking, Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.