PT-2025-40900 · Xwiki · Xwiki

Thomas Mortagne · Published 2025-10-06 · Updated 2025-10-23 · CVE-2025-49594

CVSS v4.0: 10 (Critical)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: XWiki versions 2.17.1 through 2.18.1

Description: XWiki OpenID Connect (OIDC) contains tools for manipulating the OpenID Connect protocol. In versions prior to 2.18.2, individuals with VIEW access to a user profile can generate a token for that user. If the XWiki instance permits token authentication, this allows authentication as any user, since user profiles are often viewable by other registered users.

Recommendations: Upgrade to version 2.18.2. Disable token access.


Weakness Enumeration

Improper Authorization

Related Identifiers

BDU:2025-14640
CVE-2025-49594
GHSA-F2HF-PFRJ-VRM7

Affected Products

Xwiki