CVE-2025-32969

{"id": "CVE-2025-32969", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-23T16:15:47.797", "references": [{"url": "https://github.com/xwiki/xwiki-platform/commit/5c11a874bd24a581f534d283186e209bbccd8113", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f69v-xrj8-rhxf", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://jira.xwiki.org/browse/XWIKI-22691", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when \"Prevent unregistered users from viewing pages, regardless of the page rights\" and \"Prevent unregistered users from editing pages, regardless of the page rights\" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki."}, {"lang": "es", "value": "XWiki es una plataforma wiki gen\u00e9rica. En versiones a partir de la 1.8 y anteriores a las 15.10.16, 16.4.6 y 16.10.1, un usuario remoto no autenticado puede escapar del contexto de ejecuci\u00f3n HQL y realizar una inyecci\u00f3n SQL ciega para ejecutar sentencias SQL arbitrarias en el backend de la base de datos, incluso cuando las opciones \"Impedir que usuarios no registrados vean p\u00e1ginas, independientemente de sus derechos\" e \"Impedir que usuarios no registrados editen p\u00e1ginas, independientemente de sus derechos\" est\u00e1n habilitadas. Dependiendo del backend de la base de datos utilizado, el atacante podr\u00eda obtener informaci\u00f3n confidencial, como hashes de contrase\u00f1as, y ejecutar consultas UPDATE/INSERT/DELETE. Este problema se ha corregido en las versiones 16.10.1, 16.4.6 y 15.10.16. No se conoce ning\u00fan workaround, salvo actualizar XWiki."}], "lastModified": "2025-04-30T15:50:37.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2F4E27B-4256-40AC-8DF8-62192CAD4235", "versionEndExcluding": "15.10.16", "versionStartIncluding": "1.8"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFE4D4B-D3CB-46DB-BAC6-2615398EA883", "versionEndExcluding": "16.4.6", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8150C269-44A7-486B-A7BB-06CB0D631348", "versionEndExcluding": "16.10.1", "versionStartIncluding": "16.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}