CVE-2025-51991 Scanner
CVE-2025-51991 Scanner - Server Side Template Injection (SSTI) vulnerability in XWiki
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 2 weeks 23 hours
Scan only one: Domain, Subdomain, IPv4
The XWiki software serves as a powerful open-source wiki platform typically used by organizations and individuals for document management, knowledge sharing, and collaboration. It allows users to create and edit web pages collectively in a simple yet feature-rich environment. Trusted by large companies, educational institutions, and community projects, XWiki offers robust functionalities suitable for various administrative and organizational tasks. It is highly customizable, empowering administrators to enforce various configurations and integrations with external systems. The software supports multiple extensions and is built on top of Java EE technologies, making it a versatile choice for both small and large enterprises.
Server Side Template Injection (SSTI) is a critical vulnerability that arises when user input is not correctly validated and is processed within server-side template systems. This can lead to arbitrary code execution on the server when a threat actor submits malicious payloads. Specifically, in the case of XWiki, this vulnerability occurs within the Administration interface HTTP Meta Info field, allowing authenticated administrators to run unauthorized template code. SSTI can lead to server compromise, data exposure, and further attack vectors if not mitigated promptly.
The vulnerability within XWiki lies in the improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, allowing template injection. This endpoint, accessible by authenticated users with administrative privileges, is intended for managing presentation settings of the XWiki application. However, the lack of input sanitization permits exploitation through crafted input like `%23set%28%24x%3D7%2A7%29%24x`, which is evaluated on the server. Successful exploitation may produce output that exposes internal server state or cause unintended functions to execute on the server, posing significant security risks.
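A defensive check for the input described above, as an added example that is not part of the scanner or of XWiki: it percent-decodes submitted form values, including nested encoding, and flags Apache Velocity directives such as the page's probe, which decodes to `#set($x=7*7)$x`. The field name `metaInfo` and the sample request bodies are constructed for illustration, and the directive match is a heuristic to tune against fields that legitimately hold template code.

```python
import re
from urllib.parse import parse_qsl, unquote

# Velocity directives (#set, #evaluate, ...) in plain or #{...} form.
DIRECTIVE = re.compile(
    r"#\{?(set|if|elseif|foreach|evaluate|parse|include|macro|define)\}?\s*\(",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable; return (text, rounds_that_changed_it)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def scan_form_body(body):
    """Return one finding per form field whose decoded value holds a directive."""
    findings = []
    # parse_qsl performs the first, normal round of form decoding.
    for field, once_decoded in parse_qsl(body, keep_blank_values=True):
        text, extra = fully_decode(once_decoded)
        match = DIRECTIVE.search(text)
        if match:
            findings.append({
                "field": field,
                "directive": match.group(1).lower(),
                "decoded": text,
                "extra_decoding_rounds": extra,  # >0 means nested encoding
            })
    return findings

# Constructed sample bodies; the field name "metaInfo" is hypothetical.
SAMPLES = [
    "metaInfo=%23set%28%24x%3D7%2A7%29%24x",                # payload from the page
    "metaInfo=%2523set%2528%2524x%253D7%252A7%2529%2524x",  # same, encoded twice
    "metaInfo=%3Cmeta+name%3D%22robots%22+content%3D%22noindex%22%3E",  # benign
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", scan_form_body(body) or "clean")
```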
When exploited, this vulnerability can severely affect system confidentiality, integrity, and availability. Attackers may execute arbitrary server-side code, potentially leading to unauthorized access to sensitive information stored on the server. This breach could further enable remote code execution, allowing an adversary to control the server environment. As a result, it may lead to data breaches, systems being added to botnets, or significant business disruption if critical services are compromised. Prompt mitigation is necessary to prevent such adverse outcomes.