CVE-2025-23025

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-23025
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23025.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-23025
Aliases
Published
2025-01-14T17:42:14.304Z
Modified
2026-04-10T05:22:48.389891Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Privilege escalation (PR) through realtime WYSIWYG editing in XWiki
Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only edit right can join a realtime editing session where others, that where already there or that may join later, have script or programming access rights. This user can then insert script rendering macros that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the xwiki-realtime CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editorextension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui).

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/23xxx/CVE-2025-23025.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-862"
    ]
}
References

Affected packages

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
4234c4f57111c71217219e8364db934e124dea8b
Fixed
6914819340c6e94b51b7e5c68613f47831d4996b
Database specific 
{
    "versions": [
        {
            "introduced": "13.9-rc-1"
        },
        {
            "fixed": "15.10.12"
        }
    ]
}
Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
3c6f5cf138d8095f63631e554ba448e4b780e162
Fixed
c5e378200ac0047419ddd8c5071396ac35df9025
Database specific 
{
    "versions": [
        {
            "introduced": "16.0.0"
        },
        {
            "fixed": "16.4.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
177e524c2e218fe5de776619271b7cd12c929488
Fixed
9d26765cc50a2038f57bf360f8d46beb43260a48
Database specific 
{
    "versions": [
        {
            "introduced": "16.5.0"
        },
        {
            "fixed": "16.6.0-rc-1"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-23025.json"