Xwiki · Xwiki Platform · CVE-2025-55748
**Name of the Vulnerable Software and Affected Versions**
XWiki Platform versions 4.2-milestone-2 through 16.10.6
**Description**
The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs such as `http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false`.
**Recommendations**
Upgrade to version 16.10.7 or later.