6.1

CVE-2025-32970

Exploit

EPSS 0.22%
Published 30.04.2025 14:54:52
Last modified 13.05.2025 15:13:38
Source security-advisories@github.com
Teams watchlist Login
Open Login

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirects to any URL. This issue has been patched in versions 15.10.13, 16.4.4, and 16.8.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Xwiki ≫ Xwiki Version >= 13.5 < 15.10.13

Xwiki ≫ Xwiki Version >= 16.0.0 < 16.4.4

Xwiki ≫ Xwiki Version >= 16.5.0 < 16.8.0

Xwiki ≫ Xwiki Version16.8.0 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.444

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pjhg-9wr9-rj96

Vendor Advisory

https://github.com/xwiki/xwiki-platform/commit/6dab7909f45deb00efd36a0cd47788e95ad64802

Patch

https://jira.xwiki.org/browse/XWIKI-22487

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-32970

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32970

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32970

EUVD