CVE-2025-55747
CRITICAL EXPLOITED NUCLEIXWiki Platform <16.10.6 - Info Disclosure
Title source: llmExploitation Summary
CVE-2025-55747 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.
Nuclei Templates (1)
XWiki Platform - Information Disclosure
HIGHVERIFIEDby Redmomn
FOFA:
app="XWIKI-Platform"
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qww7-89xh-x7m7
Patch x_refsource_misc
https://github.com/xwiki/xwiki-platform/commit/9e7b4c03f2143978d891109a17159f73d4cdd318#diff-45ea9c87d5fb68cd5db0da7f78cf25e76f1325f5fe56e21618b21786fc706236R80-R81
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.xwiki.org/browse/XWIKI-19350
Scores
CVSS v3
9.1
EPSS
0.0129
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-12-15
CWE
CWE-23
Status
published
Products (4)
org.xwiki.platform/xwiki-platform-webjars
6.1-miletone-2Maven
org.xwiki.platform/xwiki-platform-webjars-api
6.1-milestone-2 - 16.10.7Maven
xwiki/xwiki
6.1 milestone2 (2 CPE variants)
xwiki/xwiki
6.2 - 16.10.7
Published
Sep 03, 2025
Tracked Since
Feb 18, 2026