{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-23025", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-01-10T15:11:08.880Z", "datePublished": "2025-01-14T17:42:14.304Z", "dateUpdated": "2025-01-15T15:30:06.298Z"}, "containers": {"cna": {"title": "Privilege escalation (PR) through realtime WYSIWYG editing in XWiki", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg"}, {"name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection", "tags": ["x_refsource_MISC"], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection"}, {"name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor", "tags": ["x_refsource_MISC"], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21949", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-21949"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 13.9-rc-1, < 15.10.12", "status": "affected"}, {"version": ">= 16.0.0, < 16.4.1", "status": "affected"}, {"version": ">= 16.5.0, < 16.6.0-rc-1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-14T17:42:14.304Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, that where already there or that may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the ``xwiki-realtime`` CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editorextension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui)."}], "source": {"advisory": "GHSA-rmm7-r7wr-xpfg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-15T15:29:51.884454Z", "id": "CVE-2025-23025", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T15:30:06.298Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23025", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-15T15:29:51.884454Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T15:29:58.292Z"}}], "cna": {"title": "Privilege escalation (PR) through realtime WYSIWYG editing in XWiki", "source": {"advisory": "GHSA-rmm7-r7wr-xpfg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"status": "affected", "version": ">= 13.9-rc-1, < 15.10.12"}, {"status": "affected", "version": ">= 16.0.0, < 16.4.1"}, {"status": "affected", "version": ">= 16.5.0, < 16.6.0-rc-1"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg", "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection", "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection", "tags": ["x_refsource_MISC"]}, {"url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor", "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-21949", "name": "https://jira.xwiki.org/browse/XWIKI-21949", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, that where already there or that may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the ``xwiki-realtime`` CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editorextension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-14T17:42:14.304Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23025", "state": "PUBLISHED", "dateUpdated": "2025-01-15T15:30:06.298Z", "dateReserved": "2025-01-10T15:11:08.880Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-01-14T17:42:14.304Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDA63367-EB24-44E0-A50F-6C5AE08F4A3D", "versionEndExcluding": "15.10.12", "versionStartIncluding": "13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "5921C493-2A56-49BC-8763-7D12518C0DC2", "versionEndExcluding": "16.4.1", "versionStartIncluding": "16.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:16.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "0E19BF5E-55B0-4587-971D-CD66E330B605", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:16.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6F584366-586F-453C-8E5F-F252ECD0C815", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, that where already there or that may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the ``xwiki-realtime`` CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editorextension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui)."}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de tiempo de ejecuci\u00f3n para aplicaciones creado sobre ella. NOTA: La extensi\u00f3n Realtime WYSIWYG Editor era **experimental**, y por lo tanto **no recomendada**, en las versiones afectadas por esta vulnerabilidad. Se ha habilitado de forma predeterminada, y por lo tanto se recomienda, a partir de XWiki 16.9.0. Un usuario con solo **derecho de edici\u00f3n** puede unirse a una sesi\u00f3n de edici\u00f3n en tiempo real en la que otros, que ya estaban all\u00ed o que se unir\u00e1n m\u00e1s tarde, tienen **derechos de acceso de MASK15**** o **programaci\u00f3n**. Este usuario puede insertar Script macros de renderizado** que se ejecutan para esos usuarios en la sesi\u00f3n en tiempo real mediante el script MASK13** o los derechos de programaci\u00f3n. Los Scripts insertados se pueden utilizar para obtener m\u00e1s derechos de acceso. Esta vulnerabilidad se ha corregido en XWiki 15.10.2, 16.4.1 y 16.6.0-rc-1. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden deshabilitar la edici\u00f3n WYSIWYG en tiempo real deshabilitando el complemento CKEditor ``xwiki-realtime`` desde la secci\u00f3n de administraci\u00f3n del editor WYSIWYG o desinstalar la extensi\u00f3n Realtime WYSIWYG Editor (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui)."}], "id": "CVE-2025-23025", "lastModified": "2025-05-13T13:34:05.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-14T18:16:05.650", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/CKEditor+Integration#HAdministrationSection"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Realtime%20WYSIWYG%20Editor"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmm7-r7wr-xpfg"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-21949"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}