The vulnerability of the org.xwiki.platform:xwiki-platform-rest-server component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.

🗓️ 26 Mar 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in org.xwiki.platform:xwiki-platform-rest-server enables leakage of protected information.

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2025-29925	19 Mar 202519:06	–	circl
CNNVD	XWiki Platform 安全漏洞	19 Mar 202500:00	–	cnnvd
CVE	CVE-2025-29925	19 Mar 202517:36	–	cve
Cvelist	CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint	19 Mar 202517:36	–	cvelist
EUVD	EUVD-2025-6735	3 Oct 202520:07	–	euvd
Github Security Blog	XWiki allows unregistered users to access private pages information through REST endpoint	19 Mar 202520:34	–	github
Nuclei	XWiki REST API - Private Pages Disclosure	4 Feb 202607:00	–	nuclei
NVD	CVE-2025-29925	19 Mar 202518:15	–	nvd
OpenVAS	XWiki 1.9 < 15.10.14, 16.x < 16.4.6, 16.5.x < 16.10.0 Authorization Bypass Vulnerability (GHSA-22q5-9phm-744v)	1 Apr 202500:00	–	openvas
OSV	CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint	19 Mar 202517:36	–	osv

Source	Link
github	www.github.com/xwiki/xwiki-platform/commit/1fb12d2780f37b34a1b4dfdf8457d97ce5cbb2df
github	www.github.com/xwiki/xwiki-platform/commit/bca72f5ce971a31dba2a016d8dd8badda4475206
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-22q5-9phm-744v
jira	www.jira.xwiki.org/browse/XWIKI-22630
jira	www.jira.xwiki.org/browse/XWIKI-22639
web	www.web.nvd.nist.gov/view/vuln/detail

28 Mar 2025 00:00Current

5.4Medium risk

Vulners AI Score5.4

CVSS 37.5

CVSS 27.8

EPSS0.00906

xwiki platform rest server data leakage unauthorized access protected information