CVE-2025-55747

CRITICAL EXPLOITED NUCLEI

XWiki Platform <16.10.6 - Info Disclosure

Title source: llm

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7.

Nuclei Templates (1)

XWiki Platform - Information Disclosure

HIGHVERIFIEDby Redmomn

FOFA: app="XWIKI-Platform"

References (3)

[Patch] https://github.com/xwiki/xwiki-platform/commit/9e7b4c03f2143978d891109a17159f73d4cdd318#diff-45ea9c87d5fb68cd5db0da7f78cf25e76f1325f5fe56e21618b21786fc706236R80-R81

View Patch ZIP pw:eip

[Vendor Advisory] https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qww7-89xh-x7m7

[Issue Tracking, Vendor Advisory] https://jira.xwiki.org/browse/XWIKI-19350

Scores

CVSS v3 9.1

EPSS 0.0147

EPSS Percentile 81.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

VulnCheck KEV 2025-12-15

CWE

CWE-23

Status published

Products (3)

org.xwiki.platform/xwiki-platform-webjars-api 6.1-milestone-2 - 16.10.7Maven

xwiki/xwiki 6.1 milestone2 (2 CPE variants)

xwiki/xwiki 6.2 - 16.10.7

Published Sep 03, 2025

Tracked Since Feb 18, 2026