CVE-2025-55749 Scanner - Information Disclosure vulnerability in XWiki

Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 15 hours
Scan only one: URL
XWiki is a popular enterprise wiki software used for creating, managing, and sharing knowledge within an organization. It is often utilized in various sectors including corporate, educational, and non-profit environments. XWiki is designed to facilitate collaboration and improve productivity by providing a platform for information exchange. Its robust set of features includes document management, task workflows, and collaboration tools. Due to its open-source nature, XWiki is highly customizable according to the needs of an organization. Typically, IT departments or administrators manage the deployment and maintenance of XWiki to ensure seamless integration and security.
An information disclosure vulnerability in XWiki allows unauthorized parties to gain access to sensitive information stored within the application. This specific vulnerability arises from exposed contexts that permit static access to files within the webapp directory. By accessing these files, attackers can glean critical information such as configuration settings and potentially sensitive data. Such vulnerabilities pose a significant risk to the confidentiality and integrity of the information managed by XWiki. Mitigating this vulnerability requires updating XWiki to the latest secure version.
The particular information disclosure flaw in XWiki is attributed to the XJetty package, which improperly exposes a context that allows static file access. The exposed path typically serves the `webapps/xwiki/WEB-INF/xwiki.properties` file directly. Attackers exploiting this vulnerability usually confirm the exposure by searching the response for configuration keys such as `diff.xml.dataURI` and `core.renderingcache.enabled`. Properly securing these files is crucial for maintaining the confidentiality of the organization's data, and ensuring the XJetty package has the latest security patches applied is a necessary preventive measure.
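The check described above, written out as an added example from the defender's side (this is not the scanner's own code): one helper classifies a captured HTTP response from your own XWiki host as the exposed `xwiki.properties` file or not, using the two marker keys the page names, and a second helper scans web-server access-log lines for any request that reaches into a `WEB-INF` path so an operator can see whether the file has been probed or served. The scoring rule (HTTP 200, a non-HTML body, and both marker keys present as property lines) and the `WEB-INF` log rule are this example's own assumptions, and every response body and log line below is constructed for illustration.

```python
"""Added example for the XWiki information-disclosure check: response
classification plus access-log detection. Sample data is constructed."""
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import unquote

# Path and marker keys as named on the page.
EXPOSED_PATH = "/webapps/xwiki/WEB-INF/xwiki.properties"
MARKER_KEYS = ("diff.xml.dataURI", "core.renderingcache.enabled")

# A marker key written as a property line, possibly commented out the way
# xwiki.properties ships them, e.g. "# core.renderingcache.enabled = false".
_KEY_LINE = re.compile(
    r"^\s*(?:#[-#\s]*)?(?P<key>"
    + "|".join(re.escape(k) for k in MARKER_KEYS)
    + r")\s*=",
    re.MULTILINE,
)

# Apache/nginx common log format, reduced to the fields this check needs.
_CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass
class CheckResult:
    exposed: bool
    matched_keys: Tuple[str, ...]
    reason: str


def classify_response(status: int, body: str) -> CheckResult:
    """Decide whether (status, body) is a served xwiki.properties file.

    Assumed rule: HTTP 200, not an HTML page, and every marker key present
    as a property line. Requiring both keys avoids flagging a page that
    merely mentions one key in its text.
    """
    if status != 200:
        return CheckResult(False, (), f"HTTP {status}: file not served")
    if "<html" in body.lower():
        # A login or error page is not the properties file even if it
        # happens to echo a key name somewhere in its markup.
        return CheckResult(False, (), "HTML response, not a properties file")
    found = tuple(sorted({m.group("key") for m in _KEY_LINE.finditer(body)}))
    if len(found) == len(MARKER_KEYS):
        return CheckResult(True, found, "all marker keys present as property lines")
    return CheckResult(False, found, "marker keys missing or incomplete")


def find_probe_attempts(log_lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (client_ip, path, status) for requests into any WEB-INF path.

    Browsers never request WEB-INF paths, so any hit is worth a look; a 200
    means the file was actually served and the host should be treated as
    exposed. Paths are percent-decoded before matching so an encoded slash
    does not slip past the rule.
    """
    hits = []
    for line in log_lines:
        m = _CLF.match(line)
        if not m:
            continue  # not a log line this parser understands
        path = m.group("path")
        if "/web-inf/" in unquote(path).lower():
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits


# Constructed sample data (not captured from any real host).
SAMPLE_EXPOSED_BODY = """\
# XWiki configuration (constructed excerpt)
#-# Whether to enable the rendering cache.
# core.renderingcache.enabled = false
#-# Embed image data in XML diffs.
# diff.xml.dataURI = true
"""
SAMPLE_LOGIN_PAGE = (
    "<html><body>Please log in. diff.xml.dataURI is mentioned here.</body></html>"
)
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2025:13:55:36 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Oct/2025:13:55:40 +0000] "GET /webapps/xwiki/WEB-INF/xwiki.properties HTTP/1.1" 200 41230',
    '203.0.113.9 - - [10/Oct/2025:13:56:02 +0000] "GET /xwiki/WEB-INF%2Fxwiki.properties HTTP/1.1" 404 312',
]

if __name__ == "__main__":
    print(classify_response(200, SAMPLE_EXPOSED_BODY))
    print(classify_response(200, SAMPLE_LOGIN_PAGE))
    for hit in find_probe_attempts(SAMPLE_LOG):
        print("WEB-INF request:", hit)
```

Run against a response you captured from your own instance, a 200 with both keys is the condition to patch on; in the log output, a 200 on a `WEB-INF` path means the file was handed out and the host should be treated as already disclosed, while 404s show who was probing.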
Exploitation of the information disclosure vulnerability in XWiki can lead to severe consequences including unauthorized access to sensitive files and credentials. Such access can facilitate further attacks on the system, including privilege escalation or lateral movement within an organization's network. Furthermore, the loss of sensitive data can result in legal liabilities, reputation damage, and financial losses for the affected organization. Addressing this exposure reduces the risk of unauthorized access and secures sensitive organizational data against potential exploitation.