VulnCheck KEV: CVE-2025-55748

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVE-2025-55748

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVE-2025-55748 XWiki Platform's configuration files can be accessed through jsx and sx endpoints

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...

CVE-2025-55748

Affected product : XWiki Platform. Vulnerability : path traversal through the jsx and sx endpoints that allows remote attackers to read configuration files. Root cause : improper access control enabling traversal to read files like WEB-INF/xwiki.cfg. Versions affected : 4.2-milestone-2 through 16...