{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T05:48:00.786","vulnerabilities":[{"cve":{"id":"CVE-2025-32972","sourceIdentifier":"security-advisories@github.com","published":"2025-04-30T15:16:01.680","lastModified":"2025-05-13T15:05:07.237","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, making it possible to clean the cache without having programming right. The only impact of this is a slowdown in XWiki execution as the caches are re-filled. As this vulnerability requires script right to exploit, and script right already allows unlimited execution of scripts, the additional impact due to this vulnerability is low. This issue has been patched in versions 15.10.12, 16.4.3, and 16.8.0-rc-1."},{"lang":"es","value":"XWiki es una plataforma wiki genérica. En versiones desde la 6.1-milestone-1 hasta anteriores a la 15.10.12, desde la 16.0.0-rc-1 hasta anteriores a la 16.4.3, y desde la 16.5.0-rc-1 hasta anteriores a la 16.8.0-rc-1, la API de scripts del compilador LESS en XWiki verifica incorrectamente los permisos al llamar a la API de limpieza de caché, lo que permite limpiar la caché sin tener permisos de programación. El único impacto es una ralentización en la ejecución de XWiki al rellenar las cachés. Dado que esta vulnerabilidad requiere permisos de script para explotarse, y estos permisos ya permiten la ejecución ilimitada de scripts, el impacto adicional es bajo. Este problema se ha corregido en las versiones 15.10.12, 16.4.3 y 16.8.0-rc-1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-285"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"15.10.12","matchCriteriaId":"958763F1-0CC0-4BAD-B1C9-211EDDBF225E"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndExcluding":"16.4.3","matchCriteriaId":"9B04B1AC-349C-45AC-804F-6C020283508B"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.5.0","versionEndExcluding":"16.8.0","matchCriteriaId":"019584A5-91D6-4548-B8EF-BD8010C8C90D"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:6.1:-:*:*:*:*:*:*","matchCriteriaId":"CB1892AA-3410-41EA-B45A-1E7EEB6D354D"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:6.1:milestone1:*:*:*:*:*:*","matchCriteriaId":"347BCA66-59DB-4AFE-81AC-CBBC16A9D2C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:6.1:milestone2:*:*:*:*:*:*","matchCriteriaId":"52DBE10F-1F55-46AD-9D47-5C05FAB85777"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"DE2A8246-5889-4BC6-AF65-F19BBAB094C6"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/91752122d8782f171f8728004a57bdaefc34253e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rp38-24m3-rx87","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22462","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22462","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Issue Tracking","Vendor Advisory"]}]}}]}