
6 matches found

NVD
added 2025/12/10 10:16 p.m., 2 views

CVE-2025-66473

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7, EPSS 0.00038
Exploits: 0, References: 3
OSV
added 2025/12/10 9:51 p.m., 2 views

CVE-2025-66473 XWiki's REST APIs don't enforce any limits, leading to unavailability and OOM in large wikis

XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for the number of items that can be requested in a single request at the moment. Depending on the number of...

CVSS 8.7, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 5
RedhatCVE
added 2025/12/08 6:11 p.m., 2 views

CVE-2025-55749

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.9, EPSS 0.00969
Exploits: 0, References: 1
EUVD
added 2025/12/01 8:9 p.m., 3 views

EUVD-2025-200075

XWiki is an open-source wiki software platform. From 16.7.0 to 16.10.11, 17.4.4, or 17.7.0, in an instance which is using the XWiki Jetty package XJetty, a context is exposed to statically access any file located in the webapp/ folder. It allows accessing files which might contain credentials...

CVSS 8.7, AI score 6.4, EPSS 0.00969
Exploits: 0, References: 6
Positive Technologies
added 2025/08/06 12:0 a.m., 3 views

PT-2025-48545

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.7.0 through 16.10.11; XWiki versions 17.4.0 through 17.4.4; XWiki version 17.7.0. Description: XWiki, an open-source wiki software platform, has an issue where the XWiki Jetty package XJetty exposes a context allowing static acce...

CVSS 8.7, AI score 5.3, EPSS 0.00969
Exploits: 0, References: 15
Positive Technologies
added 2025/07/04 12:0 a.m., 3 views

PT-2025-50549

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3, and 17.5.0-rc-1 through 17.6.0. Description: The XWiki platform contains a REST API that does not limit the number of items requested in a single request. This can cause performance...

CVSS 8.7, AI score 6.6, EPSS 0.00038
Exploits: 0, References: 9