{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T04:36:50.395","vulnerabilities":[{"cve":{"id":"CVE-2025-29925","sourceIdentifier":"security-advisories@github.com","published":"2025-03-19T18:15:25.300","lastModified":"2025-04-30T15:57:32.057","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with \"Prevent unregistered user to view pages\": the endpoint would still list the pages of the wiki, though only for the main wiki. The problem has been patched in XWiki 15.10.14, 16.4.6, 16.10.0RC1. In those versions the endpoint can still be requested but the result is filtered out based on pages rights."},{"lang":"es","value":"XWiki Platform es una plataforma wiki genérica. Antes de las versiones 15.10.14, 16.4.6 y 16.10.0-rc-1, las páginas protegidas se listaban al solicitar los endpoints REST /rest/wikis/[wikiName]/pages, incluso si el usuario no tenía permisos de visualización. Esto es especialmente cierto si toda la wiki está protegida con la opción \"Impedir que usuarios no registrados vean las páginas\": el endpoint seguiría listando las páginas de la wiki, aunque solo para la wiki principal. El problema se ha corregido en XWiki 15.10.14, 16.4.6 y 16.10.0RC1. En estas versiones, el endpoint aún se puede solicitar, pero el resultado se filtra según los permisos de las páginas."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-402"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9","versionEndExcluding":"15.10.14","matchCriteriaId":"A2AF24BE-3AFD-4D9C-B2E0-1D5E617D3DCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.4.6","matchCriteriaId":"8BFE4D4B-D3CB-46DB-BAC6-2615398EA883"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.5.0","versionEndIncluding":"16.10.0","matchCriteriaId":"E72285EA-C42B-42E5-8402-73C42E2A263D"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/1fb12d2780f37b34a1b4dfdf8457d97ce5cbb2df","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/commit/bca72f5ce971a31dba2a016d8dd8badda4475206","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-22q5-9phm-744v","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22630","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22639","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22630","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22639","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Vendor Advisory"]}]}}]}