CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint

🗓️ 19 Mar 2025 17:36:28Reported by GoogleType

osv🔗 osv.dev👁 10 Views

XWiki Platform exposed protected pages via REST endpoints before specific versions; patched in recent updates.

Reporter	Title	Published	Views	Family All 15
BDU FSTEC	The vulnerability of the org.xwiki.platform:xwiki-platform-rest-server component of the XWiki Platform, a platform for creating collaborative web applications. This vulnerability allows an attacker to gain unauthorized access to protected information.	26 Mar 202500:00	–	bdu_fstec
Circl	CVE-2025-29925	19 Mar 202519:06	–	circl
CNNVD	XWiki Platform 安全漏洞	19 Mar 202500:00	–	cnnvd
CVE	CVE-2025-29925	19 Mar 202517:36	–	cve
Cvelist	CVE-2025-29925 XWiki allows unregistered users to access private pages information through REST endpoint	19 Mar 202517:36	–	cvelist
EUVD	EUVD-2025-6735	3 Oct 202520:07	–	euvd
Github Security Blog	XWiki allows unregistered users to access private pages information through REST endpoint	19 Mar 202520:34	–	github
Nuclei	XWiki REST API - Private Pages Disclosure	4 Feb 202607:00	–	nuclei
NVD	CVE-2025-29925	19 Mar 202518:15	–	nvd
OpenVAS	XWiki 1.9 < 15.10.14, 16.x < 16.4.6, 16.5.x < 16.10.0 Authorization Bypass Vulnerability (GHSA-22q5-9phm-744v)	1 Apr 202500:00	–	openvas

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-22630
jira	www.jira.xwiki.org/browse/XWIKI-22639
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2025/29xxx/CVE-2025-29925.json
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-22q5-9phm-744v
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-29925
github	www.github.com/xwiki/xwiki-platform/commit/1fb12d2780f37b34a1b4dfdf8457d97ce5cbb2df
github	www.github.com/xwiki/xwiki-platform/commit/bca72f5ce971a31dba2a016d8dd8badda4475206

10 Apr 2026 05:24Current

6.5Medium risk

Vulners AI Score6.5

CVSS 48.7

EPSS0.01149