CVE-2025-52472 Scanner
CVE-2025-52472 Scanner - HQL (Hibernate Query Language) injection vulnerability in the XWiki REST search API
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 21 hours
Scan only one: URL
XWiki is a popular open-source wiki software used by organizations of all sizes for collaborative content creation and management. It is typically deployed in environments where multiple users contribute and access information simultaneously, from educational institutions to corporate intranet systems. The software allows users to create and edit pages easily, organize content into spaces and wikis, and manage permissions to control user access. It is favored for its extensibility, allowing integration with other tools and systems through plugins and APIs. Additionally, XWiki supports numerous customization options, making it adaptable to specific organizational needs. Overall, it is a robust platform for knowledge management and documentation.
The vulnerability is an HQL (Hibernate Query Language) injection in XWiki's REST API. The wiki and space search endpoints accept an 'orderField' parameter and build the ORDER BY clause of their Hibernate query from it without validating the value, so an attacker who can reach those endpoints can append arbitrary HQL, which Hibernate translates into SQL against the backing database. The direct consequence is unauthorized data extraction; authentication bypass and, depending on the database backend and its configuration, remote code execution are possible follow-on impacts. The root cause is a sort field treated as trusted input instead of being mapped to a fixed set of sortable columns, and the risk grows with the sensitivity of the data that the injected queries can reach.
Technically, exploitation consists of sending search requests whose 'orderField' value alters the ordering clause of the query. Payloads can extract data through the query result or, as a blind probe, call a delay function such as 'pg_sleep()': if a request whose 'orderField' contains pg_sleep(5) returns about five seconds later than a baseline request, the parameter demonstrably reaches the database. The attainable impact depends on what the backend exposes to the XWiki database account, from timing functions such as pg_sleep() on PostgreSQL up to whatever privileged functions that account may call. Affected endpoints are the search operations in the REST API that accept query ordering. Malformed payloads surface as query errors; well-formed ones yield unauthorized reads or data manipulation without any visible error. Finding such flaws means tracing each request parameter to the query it ends up in and checking whether it is validated, bound as a parameter, or spliced into the query string; ORDER BY clauses are a classic blind spot because a column name cannot be passed as a bind parameter and is therefore often concatenated.
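The following Python is an added example, not XWiki's code and not the scanner's implementation. It shows the vulnerable ORDER BY concatenation pattern beside an allowlist fix, the page's pg_sleep() timing probe with a scanner-side decision rule, and a triage pass over request logs for hostile 'orderField' values. The HQL skeleton, the SORTABLE column names, the REST paths and the log lines are constructed for illustration; only the parameter name 'orderField' and the pg_sleep() probe come from the advisory text.

```python
"""Added example, not XWiki's code: how an unchecked 'orderField' becomes HQL
injection, the allowlist fix, a scanner-side timing decision, and triage of
request logs for the parameter. The HQL skeleton, column names, REST paths and
log lines below are constructed for illustration; only the parameter name
'orderField' and the pg_sleep() probe come from the advisory text."""
import re
from urllib.parse import parse_qs, urlsplit

# Assumed query shape; XWiki's real space-search HQL differs.
BASE_HQL = ("select doc.fullName from XWikiDocument doc "
            "where doc.space = :space order by ")


def build_hql_vulnerable(order_field: str) -> str:
    """The anti-pattern: the sort field is concatenated into the HQL string.
    ':space' is a bind parameter, but ORDER BY cannot take one, which is
    exactly why developers reach for string concatenation here."""
    return BASE_HQL + order_field


# Allowlist mapping request values to fixed sortable properties (assumed names).
SORTABLE = {"name": "doc.name", "date": "doc.date", "author": "doc.author"}


def build_hql_safe(order_field: str) -> str:
    """Hardened form: the request value selects a column, it never becomes one."""
    try:
        return BASE_HQL + SORTABLE[order_field]
    except KeyError:
        raise ValueError(f"unsupported orderField: {order_field!r}") from None


def time_based_probe(delay_s: int = 5) -> str:
    """PostgreSQL-flavoured blind probe for the vulnerable builder: valid as an
    extra ORDER BY term, observable only through response latency."""
    return f"doc.name, pg_sleep({delay_s})"


def looks_time_based(baseline_s: float, probe_s: float, delay_s: float) -> bool:
    """Scanner decision rule: the probe must run slower than the baseline by
    most of the injected delay, not merely by network jitter."""
    return probe_s - baseline_s >= 0.8 * delay_s


# --- Detection side: flag orderField values that cannot be a sort column ---
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")


def is_suspicious_order_field(value: str) -> bool:
    """Commas, parentheses, quotes or whitespace have no place in a sort field."""
    return IDENT.fullmatch(value) is None


REQ_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

# Constructed access-log lines in common log format (not real XWiki logs).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2025:10:00:01 +0000] "GET /xwiki/rest/wikis/xwiki/spaces/Main/search?q=test&orderField=name HTTP/1.1" 200 512
10.0.0.9 - - [01/Jul/2025:10:00:07 +0000] "GET /xwiki/rest/wikis/xwiki/spaces/Main/search?q=test&orderField=doc.name%2Cpg_sleep%285%29 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jul/2025:10:00:14 +0000] "GET /xwiki/rest/wikis/xwiki/search?q=test&orderField=doc.name%29%20and%20%281%3D1 HTTP/1.1" 500 88
"""


def triage_log(text: str) -> list:
    """Return (client_ip, decoded orderField) for every suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get("orderField", []):
            if is_suspicious_order_field(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    print(build_hql_vulnerable(time_based_probe()))
    print(build_hql_safe("name"))
    for ip, value in triage_log(SAMPLE_LOG):
        print(f"suspicious orderField from {ip}: {value}")
```

The allowlist is the fix to copy: because ORDER BY cannot be parameterised, the only safe design is to let the request choose among server-defined columns. The log triage deliberately keys on syntax rather than on known payload strings, so a pg_sleep() probe and a UNION attempt are caught by the same rule, and a 200 response does not make the second line any less of an attack.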
Successful exploitation gives an attacker read access to data the search endpoints were never meant to expose, leading to breaches in which sensitive information is extracted without authorization. In severe cases, where the database backend and the privileges of the XWiki database account allow it, the attacker may reach remote code execution and gain control of the server. Either outcome can compromise user accounts, alter wiki content, or disrupt service availability, and a compromised XWiki instance is a convenient launch point for further intrusion into the network that hosts it. Organizations running affected versions should prioritize remediation to protect their data integrity and system security.