CVE-2025-55749
HIGH EXPLOITED NUCLEIXWiki <16.10.11, 17.4.4, 17.7.0 - Info Disclosure
Title source: llmDescription
XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package (XJetty), a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contains credentials. Fixed in 16.10.11, 17.4.4, and 17.7.0.
Nuclei Templates (1)
XWiki - Information Disclosure
HIGHVERIFIEDby DhiyaneshDk
FOFA:
app="XWIKI-Platform"
Scores
CVSS v3
7.5
EPSS
0.0102
EPSS Percentile
77.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2026-01-14
CWE
CWE-284
Status
published
Products (3)
org.xwiki.platform/xwiki-platform-tool-jetty-resources
16.7.0 - 16.10.11Maven
xwiki/wiki-platform
16.7.0 - 16.10.11
xwiki/xwiki
16.7.0 - 16.10.11
Published
Dec 01, 2025
Tracked Since
Feb 18, 2026