CVE-2025-46557 Any user with view access to the XWiki space can change the authenticator

XWiki is a generic wiki platform. In versions starting from 15.3-rc-1 to before 15.10.14, from 16.0.0-rc-1 to before 16.4.6, and from 16.5.0-rc-1 to before 16.10.0-rc-1, a user who can access pages located in the XWiki space by default, anyone can access the page XWiki.Authentication.Administrati...

PT-2025-18318 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 15.3-rc-1 through 15.10.14 XWiki versions 16.0.0-rc-1 through 16.4.6 XWiki versions 16.5.0-rc-1 through 16.10.0-rc-1 Description: The issue allows a user with access to pages in the XWiki space to access the...