{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:59:10.374","vulnerabilities":[{"cve":{"id":"CVE-2025-49586","sourceIdentifier":"security-advisories@github.com","published":"2025-06-13T18:15:22.737","lastModified":"2025-09-03T17:47:10.440","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"XWiki is an open-source wiki software platform. Any XWiki user with edit right on at least one App Within Minutes application (the default for all users XWiki) can obtain programming right/perform remote code execution by editing the application. This vulnerability has been fixed in XWiki 17.0.0, 16.4.7, and 16.10.3."},{"lang":"es","value":"XWiki es una plataforma de software wiki de código abierto. Cualquier usuario de XWiki con permisos de edición en al menos una aplicación de App Within Minutes (el permiso predeterminado para todos los usuarios de XWiki) puede obtener permisos de programación y ejecutar código remoto editando la aplicación. Esta vulnerabilidad se ha corregido en XWiki 17.0.0, 16.4.7 y 16.10.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"7.3","versionEndExcluding":"16.4.7","matchCriteriaId":"6469F587-FFDB-43EA-B6CC-59A713B6208B"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*","versionStartIncluding":"16.5.0","versionEndExcluding":"16.10.3","matchCriteriaId":"D0F5857A-8D18-46DA-9D7A-278FFEA940DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:7.2:milestone2:*:*:*:*:*:*","matchCriteriaId":"C2A06C6F-1DBA-4E6D-901A-096F16C08D49"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:7.2:milestone3:*:*:*:*:*:*","matchCriteriaId":"470D146C-5EBF-4399-BF0C-26D9CC48DE0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:xwiki:xwiki:17.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"048F966C-7E51-46CE-9DD4-F0386D3548C2"}]}]}],"references":[{"url":"https://github.com/xwiki/xwiki-platform/commit/ef978315649cf83eae396021bb33603a1a5f7e42","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp4x-w9cj-97q7","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://jira.xwiki.org/browse/XWIKI-22719","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]}]}}]}