PT-2025-35832 · Xwiki · Xwiki Platform
Gregor Neumann · Published 2025-09-03 · Updated 2026-01-16 · CVE-2025-55748
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions 4.2-milestone-2 through 16.10.6
Description
The XWiki Platform is a generic wiki platform. Configuration files are accessible through jsx and sx endpoints. An attacker can access and read configuration files using URLs such as:
http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false
Recommendations
Upgrade to version 16.10.7 or later.
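A log review for the request pattern in the description, given here as an added example that is not part of the advisory or of XWiki's own code. It assumes a combined-format access log and that the affected actions appear as `ssx`, `jsx` or `sx` path segments; the log lines and IP addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the affected skin-extension actions show up as these path segments.
SX_ACTION = re.compile(r"/(?:ssx|jsx|sx)/", re.IGNORECASE)
# Request target and status code from a combined-format log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def is_traversal(value):
    """True if a resource value has a '..' segment or names WEB-INF."""
    parts = re.split(r"[/\\]", value)
    return ".." in parts or any(p.upper() == "WEB-INF" for p in parts)

def suspicious_requests(log_lines):
    """Return (status, decoded resource) for each matching request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target, status = m.group(1), int(m.group(2))
        url = urlsplit(target)
        if not SX_ACTION.search(url.path):
            continue
        # parse_qs percent-decodes once, so ..%2F is normalised to ../
        for value in parse_qs(url.query).get("resource", []):
            if is_traversal(value):
                hits.append((status, value))
    return hits

# Constructed sample lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /bin/ssx/Main/WebHome'
    '?resource=../../WEB-INF/xwiki.cfg&minify=false HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /bin/jsx/Main/WebHome'
    '?resource=..%2F..%2FWEB-INF%2Fxwiki.cfg HTTP/1.1" 404 310',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /bin/ssx/Main/WebHome'
    '?resource=css/style.css&minify=false HTTP/1.1" 200 900',
    '198.51.100.4 - - [01/Jan/2025:10:01:05 +0000] "GET /bin/view/Main/WebHome'
    '?resource=../notes HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for status, resource in suspicious_requests(SAMPLE_LOG):
        print(status, resource)
```

A hit with status 200 on a version in the affected range is worth treating as a possible read of the named file when deciding whether secrets in it need rotating.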
Exploit
Fix
Relative Path Traversal
Affected Products
Xwiki Platform