{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T18:11:11.582","vulnerabilities":[{"cve":{"id":"CVE-2025-29926","sourceIdentifier":"security-advisories@github.com","published":"2025-03-19T18:15:25.770","lastModified":"2025-05-13T13:34:02.323","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki Platform is a generic wiki platform. Prior to 15.10.15, 16.4.6, and 16.10.0, any user can exploit the WikiManager REST API to create a new wiki, where the user could become an administrator and so perform other attacks on the farm. Note that this REST API is not bundled in XWiki Standard by default: it needs to be installed manually through the extension manager. The problem has been patched in versions 15.10.15, 16.4.6 and 16.10.0 of the REST module."},{"lang":"es","value":"XWiki Platform es una plataforma wiki genérica. Antes de las versiones 15.10.15, 16.4.6 y 16.10.0, cualquier usuario podía explotar la API REST de WikiManager para crear una nueva wiki, donde podía convertirse en administrador y, por lo tanto, realizar otros ataques a la granja. Tenga en cuenta que esta API REST no está incluida en XWiki Standard por defecto: debe instalarse manualmente mediante el administrador de extensiones. 
El problema se ha corregido en las versiones 15.10.15, 16.4.6 y 16.10.0 del módulo REST."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.
9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.1","versionEndExcluding":"15.10.15","matchCriteriaId":"7B6EE116-FFCD-4572-BA13-9103C7E6FC16"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.4.6","matchCriteriaId":"8BFE4D4B-D3CB-46DB-BAC6-2615398EA883"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.5.0","versionEndExcluding":"16.10.0","matchCriteriaId":"B65AB7D1-06C3-4473-8A19-FCFAFF0A120D"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:5.4:-:*:*:*:*:*:*","matchCriteriaId":"AE3BDC8D-641F-4EA2-BEC6-BE1AE6FABF25"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:5.4:rc1:*:*:*:*:*:*","matchCriteriaId":"B896CC1C-BB7E-40AD-846A-676C2C1AF0DD"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/82aa670106c7f5e6238ca6ed59a52d1800e05b99","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gfp2-6qhm-7x43","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22490","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}}]}